Governance
Gramm-Leach-Bliley Act (GLBA) Safeguards Rule Service Provider Due Diligence Checklists
The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule service provider due diligence checklist follows:
1. Describe your organization's administrative, technical, and physical safeguards over non-public financial information to which you may have access if you are selected as the University's vendor. Note that these safeguards must be appropriate to the size and complexity of your firm, the nature and scope of your activities, and the sensitivity of customer information at issue. Use as many pages as necessary to respond.
2. Describe your current or planned procedures for detecting and responding to breaches of security regarding access to such non-public financial information. Use as many pages as necessary to respond.
3. Has your organization designated an employee or employees to coordinate the information security program?
Five basic security building blocks for 3G Networks
There are many security issues relating to mobile systems beyond 3G. A distinction can be made between security for services (like web-browsing, e-commerce, etc.) and security for transport (e.g. IP connectivity, mobility management, Quality of Service, session control). The principle of separating transport from applications in the design and implementation of the system seems to be generally accepted. Applying this principle reduces the complexity of the overall system and allows transport networks and applications to evolve independently. This chapter focuses on security for the transport network; in particular, on the security features and mechanisms required to provide IP connectivity to a globally roaming user. A secondary focus is on security for Quality of Service procedures in a mobile system beyond 3G.
In order to cope with the uncertainties of the detailed architecture of future mobile systems and to further reduce the complexity of the work, a modular approach was chosen. Five basic functional building blocks have been identified that are likely to be required in any type of post-3G mobile system. The building blocks were selected so that a change in one would have a minimal effect on the others and so that the overall security architecture could be created by combining them in a suitable way. The five main building blocks identified are:
Five Key Areas of Successful IT Governance
Alignment – Provide for strategic direction of IT and the alignment of IT and the business with respect to services and projects.
Value Delivery – Confirm that the IT/Business organisation is designed to drive maximum business value from IT. Oversee the delivery of value by IT to the business, and assess ROI.
Risk Management – Ascertain that processes are in place to ensure that risks have been adequately managed. Include assessment of the risk aspects of IT investments.
Resource Management – Provide high-level direction for sourcing and use of IT resources. Oversee the aggregate funding of IT at enterprise level. Ensure there is an adequate IT capability and infrastructure to support current and expected future business requirements.
Certified Internal Auditor (CIA) exam sample question part I
This sample question is for CIA exam part I: Governance, Risk and Control
1. Which of the following actions would be a violation of auditor independence?
a. Continuing on an audit assignment at a division for which the auditor will soon be responsible as the result of a promotion.
b. Reducing the scope of an engagement due to budget restrictions.
c. Participating on a task force which recommends standards of control for a new distribution system.
d. Reviewing a purchasing agent's contract drafts prior to their execution.
Download Free Demo of The IIA CIA Learning System

The IIA now offers premier quality CIA preparation materials. The IIA's CIA Learning System is an interactive print and Web-based program designed to provide comprehensive and flexible training to CIA candidates worldwide. This new program provides timely analysis of practical audit procedures found in today's global organizations and on the CIA exam.