Peter T. Davis Principal Peter Davis+Associates
Is IT Compliance A Profession? A Workshop on Refining Our Common Body of Knowledge, Skills and Ethics
Peter T. Davis, Principal, Peter Davis+Associates
IT COMPLIANCE CONFERENCE 2007 | Your Presentation Title Goes Here—To edit, go to View>Header and Footer P. 2
The Need

- Is compliance a profession or a job?
- Is there a need for a certification?
- Should the ITCi offer the certification?
- Or should they partner with someone else?
Professional Requirements

Professions require

1. Code of Ethics
2. Body of Knowledge
3. Testing on the body of knowledge
4. Regulation
Qualifications

- Experience
  - Years
  - Disciplines
- Exam
- Code of Ethics
- Sponsor
- Grandfathering?
COMPBOK

- What is included in the Body of Knowledge?
- What will we call it?
- Do you think people would respond to a survey on job specifications?
- Should ITCi go for ANSI certification?
Suggested Table of Contents

- Management principles
- IT Governance
- Laws and regulations
- Records management
- Ethics
- Security
- Privacy
- Risk management
- Control self-assessment
- Investigations
- Performance management
Management Principles

- Processes and Business process mapping
- Controls and testing
- Plan-Organize-Staff-Direct-Control and PDCA/PDSA and DMAIC/DMADV
- Organizational and committee structure
- Marketing; influence without authority
- Budgeting
- Awareness and training
- Policy framework
IT Governance

- COBIT
- ITIL
- ISO 27000
- M_o_R
- CRAMM
- MSP
- PMBOK
- PRINCE2
- CMMI
- Six Sigma
Laws and Regulations

- Legal concepts, e.g., evidence, eDiscovery
- Which ones?
  - SOX/Bill 198
  - HIPAA
  - GLBA
  - PCI DSS
  - Privacy
  - Electronic evidence; e.g., FRCP
Records Management

- Legal requirements
- Guidelines
- Record retention policy
- Retention schedules
- Enabling technologies
Ethics

- “Tone at the Top”
- Legal and regulatory requirements
- Ethics topics
- Ethical fallacies and dilemmas
- Code of Conduct
- Ethics plan
Security

- CIA
- Compliance tools
Privacy

- Concepts
- Privacy enhancing technologies, i.e., PET
Risk Management

- Concepts
- Definitions
- Process
- Quantitative vs. qualitative
Control Self-Assessment

- Concepts
- Techniques
- Surveys
Investigations

- Organization
- Incident handling
- Forensics
- Reporting
Performance Management

- Process
- Definitions
- Metrics
- Reporting
- Maturity model?
Solicitation

- Would you like to help?
Questions and Answers
Contact Information
Peter T. Davis, Principal Peter [email protected] 416-907-4041
Please Complete Your Session Evaluation