
IT Governance, Risk and Compliance Management

Articles

Compliance module - Importance and applicability

May 23, 2007 | by Geraldo Ferreira

The scene has changed radically. Ten years ago, security professionals had no literature on which to base their work. Today, there is a profusion of security requirements (laws, regulations and guides) that must be followed by...

Evolution of the Payment Card Industry Data Security Standard - PCI DSS

December 13, 2006 | by João Ambra CISSP, MCSO, 27001 Lead Auditor

Around the year 2000, due to the large increase in the amount of fraud using credit card numbers, credit card companies started to individually define security requirements. In order to make this task easier, the companies got together in 2004 and created a single standard called Payment Card Industry Data Security Standard - PCI DSS...

The Path to Risk Communication

December 6, 2006 | by Rafael Roseira Barbosa

Risks identified within an organization, as well as the corresponding corrective actions, are demonstrated to both the strategic groups and operating teams by means of Risk Communication, one of the activities performed in the scope of Risk Management. This activity is crucial in producing the necessary basis...

Security Assessment for Suppliers: SLA (Security Level Agreement)

November 24, 2006 | by Rafael Roseira Barbosa

Organizations are increasingly interested in keeping corporate governance functional and suitable, either for regulatory reasons - as is the case with Sarbanes-Oxley - or for the purpose of maintaining a good internal control structure. In this scenario, it is essential to have clear knowledge of related risks, and not only those associated with...

Practical Applications of Compliance

November 21, 2006 | by Marcelo Gherman

In our article The Compliance Challenge in Information Technology, we saw that the Compliance module recently incorporated into Modulo Risk Manager™ displays cross-references between controls investigated during risk assessments and requirements set forth in best...

Sarbanes-Oxley Compliance

October 11, 2006 | by Eduardo Poggi and João Ambra

Modulo Risk Manager™ assists companies in this new challenge, allowing structured management of the operating effectiveness of controls related to IT systems and infrastructure.

The Compliance Challenge in Information Technology

October 6, 2006 | by Caroline Simões and Leonardo Freitas

The term Compliance means "conforming to, obeying, abiding by". In information technology (IT), being compliant means conforming to rules, regulations, or best practices. There are currently several standards of best practices in the IT area, which are adopted by managers in the process of implementing internal controls and managing IT-related risks. In this article we present summarized descriptions of two of the main standards used in the IT area.

Assessment Automation

September 05, 2006 | by Eduardo Poggi

Those in charge of evaluations and assessments can use Modulo Risk Manager™ tools for developing their own knowledge bases (knowledge) and for automating processes.

The Cobit 4.0 Strategic Assessment

August, 2006 | by Marcelo Gherman and Eduardo Poggi

Modulo Risk Manager provides quick status reports on the organization's IT processes, and how they contribute to the main objectives of the business. Based on the Cobit structure, the system's new features provide a quick assessment of the maturity level of any IT process, by means of a web-based interview...