GRC Information Security - Governance, Risk Manager and Compliance Management

by Rafael Roseira Barbosa

"A close look at current Risk Management frameworks such as the AS/NZS 4360 or the ISO 31000 (under development), leads to the conclusion that risk assessment is but one of the activities performed within a more comprehensive process..." Download (PDF)

by Geraldo Ferreira

The scene has changed radically. Ten years ago, security professionals had no literature on which to base their work. Today, there is a profusion of security requirements (laws, regulations and guides) that must be followed by...  Download (PDF)

by João Ambra CISSP, MCSO, 27001 Lead Auditor

Around the year 2000, due to the large increase in the amount of frauds using credit card numbers, credit card companies started to individually define security requirements. In order to make this task easier, the companies got together in 2004 and created a single standard called Payment Card Industry Data Security Standard - PCI DSS... Download (PDF)

by Rafael Roseira Barbosa 

Risks identified within an organization, as well as the corresponding corrective actions, are demonstrated to both the strategic groups and operating teams by means of Risk Communication, one of the activities performed in the scope of Risk Management.This activity is crucial in producing the necessary basis... Download (PDF)

by Rafael Roseira Barbosa

Organizations' are increasingly interested in keeping corporate governance functional and suitable, either for regulatory reasons - as is the case with Sarbanes-Oxley - or for the purpose of maintaining a good internal control structure. In this scenario, it is essential to have clear knowledge of related risks, and not only those associated with... Download (PDF)

by Marcelo Gherman

In our article The Compliance Challenge in Information Technology, we saw that the Compliance module recently incorporated to Modulo Risk Manager™ displays cross-references between controls investigated during risk assessments and requirements set forth in best... Download (PDF)

by Eduardo Poggi and João Ambra

Modulo Risk Manager™ assists companies in this new challenge, allowing structured management of the operating effectiveness of controls related to IT systems and infrastructure. Download (PDF)

by Caroline Simões and Leonardo Freitas

The term Compliance means "conforming to, obeying, abiding by". In information technology (IT), being compliant means conforming to rules, regulations, or best practices. There are currently several standards of best practices in the IT area, which are adopted by managers in the process of implementing internal controls and managing IT-related risks. In this article we present summarized descriptions of two of the main standards used in the IT area. Download (PDF)

by Marcelo Gherman and Eduardo Poggi

Modulo Risk Manager provides quick status reports on the organization's IT processes, and how they contribute to the main objectives of the business. Based on the Cobit structure, the system's new features provide a quick assessment of the maturity level of any IT process, by means of a web-based interview... Download (PDF)

by Eduardo Poggi

Those in charge of evaluations and assessments can use Modulo Risk Manager™ tools for developing their own knowledge bases (knowledge) and for automating processes. Download (PDF)