GRC Information Security - Governance, Risk Manager and Compliance Management

by Carolina Duarte, João Ambra, Marcelo Gherman and Rosângela Caubit

The ISO 27001 knowledge base is based on the information security management system structure. The standard describes a cycle of improvements guided by the PDCA model, consisting in the proposal of a security plan (Plan), implementation and execution of security controls required... Download (PDF)

by Rafael Roseira Barbosa

Modulo Risk Manager™ offers a set of resources that can be used to meet different needs associated with compliance, information security management, assessment of legal risks, and audits. In order to instruct users on how to get the most of Modulo Risk Manager, we have... Download (PDF)

by Rosângela Caubit

ISO/IEC 27001:2005 is an evolution on British Standard BS 7799-2:2002, which addresses the definition of requirements for information security management systems. The standard was incorporated by the International Organization for Standardization (ISO),... Download (PDF)

by Marcelo Gherman - Security Consultant with Modulo

In this third part, emphasis is placed on a different framework - the CoCo -, which will be compared with the COSO for both strengths and weaknesses. Download (PDF)

by Marcelo Gherman - Security Consultant with Modulo

In this second part of the article, the discussion proceeds to cover the aims of certain frameworks and the features offered by the COSO.  Download (PDF)

by Marcelo Gherman - Security Consultant with Modulo

In the global business world, it is common to find multinational institutions that expand their commercial relationships with other organizations placed in strategic countries, in order to make their competitiveness and operating excellence prevail in the value chains that encompass these countries. In this context, joint ventures involving financial institutions, insurance companies, high-technology companies and organizations from several other segments are established. Download (PDF)

by Marcelo Gherman - Security Consultant with Modulo

In the risk management field, one of the needs requiring the most diverse knowledge background is systems security. As an instrument for risk assessment and knowledge management, Modulo Risk Manager™ evaluates and provides security recommendations on a series of different systems technologies, grouped as follows. Download (PDF)

by Márcio Galvão

This paper results from the hypothetical case of a company specializing in software development and generation of E-commerce Portals which provides services for large clients. Our imaginary company employs 120 people and owns modern equipment and state-of-the-art software installed on a local network environment connected to the Internet by a dedicated link. The basic protection mechanisms used - anti-virus software, firewalls - are installed and managed together with the rest of the network by a full-time administrator assisted by two interns. Download (PDF)

by Felipe Perez - Security Analyst - MS LAB

"A thorough review of the knowledge bases for the Windows operating system has been started. The purpose of this job is to update the knowledge bases in light of the new vulnerabilities discovered and the security mechanisms made available after the installation of "Service Pack 2" on Windows XP. In addition, some improvements in the language used were also made. These projects included collecting different kinds of information and placing them so as they could become controls within Windows operating system knowledge bases. Another factor encouraging a review of these knowledge bases was the "Quick Plan" offered by Microsoft to its clients". Download (PDF)