
Peter T. Davis Principal Peter Davis+Associates

Is IT Compliance A Profession? A Workshop on Refining Our Common Body of Knowledge, Skills and Ethics. Peter T. Davis Principal Peter Davis+Associates. The Need. Is compliance a profession or a job? Is there a need for a certification? Should the ITCi offer the certification?


Presentation Transcript


  1. Is IT Compliance A Profession? A Workshop on Refining Our Common Body of Knowledge, Skills and Ethics Peter T. Davis Principal Peter Davis+Associates

  2. The Need • Is compliance a profession or a job? • Is there a need for a certification? • Should the ITCi offer the certification? • Or should they partner with someone else? IT COMPLIANCE CONFERENCE 2007 | Your Presentation Title Goes Here—To edit, go to View>Header and Footer

  3. Professional Requirements • Professions require • Code of Ethics • Body of Knowledge • Testing on the body of knowledge • Regulation

  4. Qualifications • Experience • Years • Disciplines • Exam • Code of Ethics • Sponsor • Grandfathering?

  5. COMPBOK • What is included in the Body of Knowledge? • What will we call it? • Do you think people would respond to a survey on job specifications? • Should ITCi go for ANSI certification?

  6. Suggested Table of Contents • Management principles • IT Governance • Laws and regulations • Records management • Ethics • Security • Privacy • Risk management • Control self-assessment • Investigations • Performance management

  7. Management Principles • Processes and Business process mapping • Controls and testing • Plan, Organize, Staff, Direct, Control and PDCA/PDSA and DMAIC/DMADV • Organizational and committee structure • Marketing; influence without authority • Budgeting • Awareness and training • Policy framework

  8. IT Governance • COBIT • ITIL • ISO 27000 • M_o_R • CRAMM • MSP • PMBOK • PRINCE2 • CMMI • Six Sigma

  9. Laws and Regulations • Legal concepts, e.g., evidence, eDiscovery • Which ones? • SOX/Bill 198 • HIPAA • GLBA • PCI DSS • Privacy • Electronic evidence; e.g., FRCP

  10. Records Management • Legal requirements • Guidelines • Record retention policy • Retention schedules • Enabling technologies

  11. Ethics • “Tone at the Top” • Legal and regulatory requirements • Ethics topics • Ethical fallacies and dilemmas • Code of Conduct • Ethics plan

  12. Security • CIA • Compliance tools

  13. Privacy • Concepts • Privacy enhancing technologies, i.e., PET

  14. Risk Management • Concepts • Definitions • Process • Quantitative vs. qualitative

  15. Control Self-Assessment • Concepts • Techniques • Surveys

  16. Investigations • Organization • Incident handling • Forensics • Reporting

  17. Performance Management • Process • Definitions • Metrics • Reporting • Maturity model?

  18. Solicitation • Would you like to help?

  19. Questions and Answers

  20. Contact Information Peter T. Davis, Principal Peter Davis+Associates ptdavis@pdaconsulting.com 416-907-4041 Please Complete Your Session Evaluation
