User Blogs

User Blogs

Discussions and Blogs
Tags >> Standards
Dec 09
2010

Rules, Standards and Models

Posted by Arno Kapteyn in Standards , SOX , Rules , PCI , ITIL , ISO 27000 , ISACA , Ethics , Cobit

Arno Kapteyn

Is there really a difference between rules, standards and models, and does it matter to IT governance? From 28-30 September I attended the ISACA Information Security and Risk Management Conference in Las Vegas. I shared my ideas on integration of the IT governance, risk, security and compliance functions. More importantly for this article, I had the time to attend presentations from other experts in the field. This gave me a number of new insights; “good stuff” for future articles. One of the presentations was titled “Harmonization of Standards” by Todd Fitzgerald. Todd is a well known figure in ISACA circles and I attended his presentation with serious expectations. As in the past, I was not disappointed. During his presentation Todd made one remark that stuck with me. He basically said that there is a lot of discussion about the difference between rules, regulations, standards and models and that in his opinion the difference was academic and of no particular interest in real life. I have seen a similar attitude with tool vendors. It is not uncommon to read claims like “tool X describes CobiT, ITIL, ISO 27000, SOX, PCI, etc.” or something to that effect. Basically I think that treating rules, standards, and models as more of the same is wrong and here comes the reason why. But first, to Todd: if I misunderstood your comment - my apologies.


Subscribe via Email

 Your Email:
Banner

Tag Cloud

2012 abduction Aberdeen Group alarm alarms Android Apple Apps ATM Skimming Audit authentication Bank Fraud Banking Security BillGuard BlackBerry botnet BPM breaches Browser Security BS 25999 burglar burglary Business Continuity BYOD card fraud change management cheating children pictures Cloud Cloud Security Cobit collaboration Community discussion Compliance computer failure Consumer Fraud Consumer IT Tips consumer privacy consumer scams contactless credit card credit card breaches Credit Card Fraud credit cards credit fraud criminal Criminal Identity Theft Cross-Device Security cyber crime cyber fraud Cyber gangs cyber monday Cyber Security cyberbullying cybercrime cybercriminal cybercriminals cybersecurity cyberwise data Data Backup Data Breaches data privacy data security Data Storage DDOS Device Reputation digital devices Digital Forensics digital life Digital Security digitally secure Disaster Recovery DNS download DPI driver's license dumps E-Commerce eBanking Electronic Discovery Electronic ESI electronic passport email and web security EMV Endpoint Security entity theft Epsilon ERM ESI Ethics Events Facebook Facebook privacy facebook safety tips facebook scam FCC FCPA FDIC Federal Government FFIEC Financial Crisis financial fraud firewall FourSquare Fraud gaming Gartner Geo-tagging gold farming Governance GPS grc GRC evaluation GRC Marketplace GRC technology readiness GRChange Green IT grey charges guard dogs hacked Hackers hacking Hackproof Hacktivism holidays home invasion home security Hotspot HotSpot Shield VPN HP IAM iCloud id ID Theft identity fraud identity proofing identity protection Identity theft identity theft prevention identity theft protection Information Management Information Security Information Supply Insider Threat Internal Audit Internal Controls internet safety internet tracking iOS app iovation IP address iphone iphone apps iPhone security IRS IRS Scams ISACA ISO 27000 ISO 27001 ISO 31000 IT Alignment it compliance it governance IT GRC Forum Events it risk management IT Security IT Service Management ITIL jailbreaking Jobs keylogger kids privacy kids safety laptop security license linkedin scam Litigation lottery scam Malware malware phishing marathon master password mCommerce Member Discount Mobile Mobile Apps Mobile Banking mobile device Mobile Device Management Mobile Devices Mobile payment mobile phone mobile phone security mobile security Mobile Wallet mSecurity Multi-Regulatory Compliance multifactor authentication myblog netgear Network Security New Years NFC NFC app Online Backup Online Banking online dating online fraud online gaming online identity online privacy online safety online scams Online Security online shopping Operational Management OSHA Outsourcing P2P Security Panel Partner Offers passport password password manager password security passwords PCI Performance Management personal data personal device Personal Security pheasting phishing phishing scams Policy predator Privacy privacy and security privacy policy Prize Draw protecting kids online public WIFI QR Codes ransomeware ransomware Regulation E remote access resume fraud Risk Assessment Risk Management router RSA Rules safety tips scam scammer scammers Scams scareware Seasonal Security security apps security tips sext Shopping Shoulder Surfers shredding skimming Skimming Fraud small business smartphone smartphones smishing Social Media social media scams social network Social Security SOX spam spammers spokesman Spyware SSDs ssn Standards strangers Strategy tablets tax fraud tax return scams tax scam tax scams Tech tech support technology Threat Management Tokenization TQM trojan Twitter typosquatting Virus viruses VPN wallet web Webcast Q&A Wi-Fi WIFI wifi hacking WiFi password Wifi security wireless Worms
Banner