- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
The Institutional Need for Comprehensive Auditing Strategies
- Abstract
- This paper examines the challenges in today's regulatory environment for financial institutions (primarily from the large institution's perspective, since they undergo the greatest scrutiny) and makes the argument that a high level, comprehensive auditing strategy is needed to allow organizations to respond effectively. In recent years, operational risk, as it relates to information security, has become more and more the focus of regulatory agencies and standards groups (e.g., NAIC, Basel II, BITS, FFIEC and many others). Why is this happening? Assessing business risk has been around along as business itself, but the present migration to e-Business and it's related exposures has caused business and its related regulatory agencies to examine the need and set expectations for appropriate risk preparedness. But establishing these expectations - also known as industry good practice - is only Part I of the work that needs to be done. Readying an organization to respond is Part II.