








Frequency of controls measurement and assessment

 

The frequency with which the effectiveness of controls is measured, monitored, assessed and reported against is the factor that most consistently separates data protection winners from losers (Figure 1).

 

Figure 1: Frequency of controls assessments





























Source: IT Policy Compliance Group, 2007

 

Guidance recommendations

 

If you want to better protect sensitive data, you have to increase the rate at which the effectiveness of procedural and technical controls is assessed. Conducting these assessments once per year will result in more frequent losses with larger financial exposure and risk. Increasing these assessments to at least monthly will:

 

· Delay the onset of data losses and thefts

· Reduce the financial outcomes of data losses and thefts

 

© IT Policy Compliance Group, 2007

 

 









"Protiviti is pleased to be part of this cooperative effort to drive greater understanding of, and improvements in, policies and regulatory compliance processes within organizations worldwide", said Rocco Grillo, Director for Protiviti's Security practice. more...


