>enterprise special interests
>smb special interests
>industry special interests
home > guidance > enterprise special interests


Prevention of unauthorized change and use


In addition to detecting risk-based change, organizations with the least data loss and theft and the fewest regulatory deficiencies are preventing unauthorized use and unauthorized change for very specific IT assets (Figure 1).

 

Figure 1: Preventing unauthorized use or change





























Source: IT Policy Compliance Group, 2007

 

Guidance recommendations

 

The complement to detection, leading firms are preventing unauthorized use and change for:

·       Email, Web and Internet applications

·       Registries and directories

·       Network systems

·       Databases

·       IT servers and systems

·       User accounts and entitlements

·       Administrative groups and privileges

 

Risk-based IT change management activities implemented to detect and then prevent unauthorized use and change are leading to more effective results for organizations, fewer data losses and thefts, more effective regulatory audit results, less time spent on these activities, and less cost. 

 

 

© IT Policy Compliance Group, 2007

 

 









The top five key performance indicators among industry leading organizations include: 1) non-compliant databases; 2) non-compliant computing systems; 3) all compliance deficiencies that must be corrected; 4) IT security events; and 5) activities that violate separation of duty policies. more...



Latest Blog Topics:

Topic : Policy Shapes Outcomes
Topic : Who’s sets objectives: Legal, Business lines or IT?
Topic : Who Manages Information Security?

© 2008 IT Policy Compliance Group, USA, All Rights Reserved.privacy policy | terms of use | contact us