final

The new modernized COSO Framework will affect business in three big ways by:

*Articulating the role of a company when outsourcing. While today´s Businesses

can outsource many activities, they can, never outsource responsibility

*Putting fraud right out in the forefront. A business´s control Structure must now

 address issues of fraud directly.

*Highlighting the critical nature of IT. Information technology is a Needed component

that cannot be avoided in today´s business environment. Let´s face it, We simply

don’t use manual ledgers anymore.-----

Local Data Protection Approaches

*File Encryption

                        Laptops

                        Desktops

*Full Disk Encryption

                        Laptops

                        Desktops

*Encryption of Removable Media

                        USB-enabled Devices –Flash Drivers, iPod, Bluetooth devices,

Thumb Drives, Hard Disks

                        CD/DVD Writers

*Password and PIN Controls

                        Blackberry

                        Other PDA Devices

*Standards and guidelines for data Classification, usage and protection,

Access Control and Encryption-----------------

Security in the cloud

Responsibility for security Resides with company owning the data

Firms must ensure providers Provide adequate protection:

                        Where data Are stored

                        Meeting Corporate requirements, legal privacy laws

                        Segregation Of data from other clients

                        Audits and security certifications

Service level agreements (SLAs)-----------------------

These are not the same thing

Business Continuity (BC): Considers the academic, research and business

Functioning  of the institution as A whole. Includes risk assessment, and plans for

 functional units and business Processes. Potentially wider variety of scenarios to

consider.

Disaster Recovery (DR): It activities to enable recovery to an Acceptable condition

 after a disaster.  BC includes DR.DR requires guidance form BC to Direct priorities

and set scope.-------------------

Why do outsorcing? Survey Results

Key drivers for Outsorcing (Survey Results)

                        Acces best In class busness processes

                        Harness Leading technologes

                        Increase Efficiencies

                        Enhance Capabilities

                        Expand Service

                        Enrich Customer relations

                        Improve Supplier relations

                        Free up management Time

                        Decrease Operating costs

What is service Level Agreement (SLA)?

A performance-based technique where a written agreement is established between

 the customer and service provider That defines key service objectives, metrics, and

 acceptable quality levels(AQLs)

                        Primarily Used in information technology (IT) procurements

                        Expanding Into other sustainment-type services

Why adopt ITIL?

It aligns with IT business goals and service objectives

It is process driven, scalable And flexible

Reduce IT cost yet providing optimal services

Increase relationship and communication among different departments, Employees

, customers and users

Successfully adapted by HP, IBM, PG, Shell Oil, Boeing, Microsoft, P&G State of CA.

What is Green Computing?

 Green computing is the practice Of using computing resources efficiently

Designing. Manufacturing and disposing Computer servers with no impact On

 the environment

To reduce the use of Hazardous materials, maximize energy efficiency

during products lifetime

COBIT                                ITIL

Control Focused          Strong Concentration on processes

Uses IT metrics            Security is very important component

Used by auditors         Focused On Service Delivery

Critical Success Factors