Managing security and privacy for an organization is not an IT issue; it is a business issue that requires a comprehensive, risk-based approach. Because of its risk and impact to the internal control environment, information security risk must be among the topics addressed in the audit risk assessment and audit planning process.
In November 2013, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) will formally release long-anticipated updates to ISO/IEC 27001 and 27002. The last time these standards were updated was in 2005.
I once read an article that stated that many people worry about accidental death, particularly in ways that are very frightening, like poisonous snakes or spiders, or even alligator attacks. This same article noted that based on official death statistics, the vast majority of people actually die from chronic health causes, including heart attacks, obesity and other ailments that result from poor attention to long-term personal fitness. In 2003, accidental deaths in the United States numbered around 100,000; chronic health-related deaths were more than 2.4 million.