Learning Objectives
In this presentation, our presenters will discuss the research they are doing with the IT Process Institute to:
- Establish a prioritized order of IT controls
- Discover which controls simultaneously reduce the risk of fraud
- Bring value back to the business
Gene Kim, Kevin Behr and George Spafford will discuss how certain controls have catalytic and sustaining properties, meaning that the value they add demonstrably exceeds the cost to implement, audit and report out on them. By focusing on these controls, organizations can not only satisfy compliance requirements, but also regain agility.
Program content
You have spent the last 12 months scrambling to comply with new IT control requirements, such as Sarbanes-Oxley Section 404. Maybe your IT controls projects passed all the audits with flying colors, or maybe you barely passed with a couple of recommended fixes. Or maybe the auditors found significant or material weaknesses, and now you have a whole team of external auditors on-site combing through all your procedures. In any of those cases, do you have the problem that maintaining controls compliance has made it impossible to get anything done? Can you afford to spend the same amount of money, time and resources for Year 2? How can you build sustainable controls that meet the requirements, but don't break the bank every year?
Participant level of understanding
This program is intended for participants with a basic or intermediate level of understanding of the topic.
About Gene Kim, Kevin Behr and George Spafford
Gene H. Kim, CISA, is the co-founder of the IT Process Institute, and also CTO and founder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. In 2004, he wrote the Visible Ops Handbook and co-founded the IT Process Institute, dedicated to research, benchmarking and developing prescriptive guidance for IT operations and security management and auditors. Although Gene is widely published on computer security, operating systems and networking in SANS, ACM and IEEE publications, he is continually fixated on the problems of process integrity issues in IT operations and security. He is currently actively working on a series of projects with the Software Engineering Institute and Institute of Internal Auditors to capture how "best in class" organizations have IT operations, security, management, governance and audit working together to solve common business objectives. Gene is currently serving on the IIA Advanced Technology Committee.
Kevin Behr is the Chief Technology Officer of IP Services and the President of the IT Process Institute. As a frequently invited speaker and published writer in the US, Kevin is repeatedly called upon to address a broad range of technology and management framework topics by organizations such as The SANS Institute, Hewlett Packard, AFCOM, The National Academies of Science, The Palmer Association, The Software Engineering Institute at Carnegie Mellon University, CERT, Tripwire and BetterManagement.com. Kevin’s 15 years of experience in IT Operations, Security and Field Engineering have allowed him to identify common problem domains and develop practical alternatives for IT Operations that span both industry and scale. He has co-authored "The VisibleOps Handbook: Starting ITIL in Four Practical Steps," which focuses on the development of corporate governance models, and has worked with Carnegie Mellon University on prescriptive adoption methods for integrating best practices across IT.
George Spafford is the Vice President of Publishing for the IT Process Institute (ITPI), a non-profit organization whose goal is to further IT process improvement, and he possesses a strong interest in the intersection of human factors, security, and complexity in the world of information technology. He holds an MBA from Notre Dame, a BA in Materials and Logistics Management from Michigan State University and an honorary degree from Konan Daigaku of Japan. George is a member of the Information Systems Audit and Control Association (ISACA), the Institute of Internal Auditors (IIA) and the ITPI.
George is a prolific author on a wide range of topics including project management, technology business, communication, and security. He co-authored "The Visible Ops Handbook: Starting ITIL in 4 Practical Steps" and is currently authoring "Visible Ops: Positive Control Environment," which steps an IT organization through the implementation of a control framework that properly mitigates risk and adds value.