This book provides step by step directions for organizations to adopt a security and compliance related architecture according to mandatory legal provisions and standards prescribed for their industry, as well as the methodology to maintain the compliances. It sets a unique mechanism for monitoring controls and a dashboard to maintain the level of compliances. It aims at integration and automation to reduce the fatigue of frequent compliance audits and build a standard baseline of controls to comply with the applicable standards and regulations to which the organization is subject. It is a perfect reference book for professionals in the field of IT governance, risk management, and compliance. The book also illustrates the concepts with charts, checklists, and flow diagrams to enable management to map controls with compliances.
Table of Contents
1. Emerging Trends in Technology & its Impact on Business
2. Need for compliance – challenges and roadblocks
3. Adopting an Integrated approach for compliance
4. Compliance Frameworks – possible solutions
5. Adoption of a customized approach to compliance
6. Activities/Phases to perform for achieving integrated compliance (with annexure A)
7. Designing an operating model for risk & compliance aligned with the business model
8. Next Steps – Through Automation
Priti Sikdar, FCA, CISA, CISM, CRISC, ISO 27001 LA, BS 25999 LA, PRINCE 2 (FC) Ms. Sikdar is the author of ‘Practitioner’s Guide to Business Impact Analysis (BIA)’ published by Auerbach publishers in July 2017. Ms Sikdar is in the risk, audit and assurance sector for over 25 years and have performed internal audits, compliance standards rollouts, risk assessments and other similar assignments in the GRC space. She has developed the ISO 27001 standard rollout, the ISO 22301 business continuity implementation, risk assessment as per ISO 31000, and many such compliance related implementation and internal audits. She is a recognized trainer and a keynote speaker at security and resilience conferences.
Ms. Sikdar has worked as Head of Finance for Shipping and Logistics Company. She has been Partner with Ray & Co Chartered Accountants where she performed many bank audits relating to risk based, IS audits and data migration and post-implementation audits. She was also into Sarbanes Oxley Compliance where she was performing ITGC and Revenue modules of SOX. She owned ISA Tutorials where she was teaching Chartered Accountant IT audit, IS systems and how to audit in complex technology environments. Ms. Sikdar has worked with Grant Thornton, as Manager Business Risk Services where she has initiated a BS 25999 rollout, SAS 70 assignments and Enterprise Risk assessments. She was with KPMG London where she was doing IT internal audit for Financial Services sector and also was spearheading a big in-house Technology Global Services Project for 6 divisions of Technology within Risk & Assurance function.
Ms. Sikdar has authored two books; ‘Information Systems Audit & Security’ and ‘Management Information Systems for Final C.A.’ published by Lawpoint Publishers India. Besides she has been authoring articles and white papers on IS Audit and Business Continuity Planning as well as speaking in International Conferences and ISACA local chapters. Her articles are carried in Indo-Swiss and Indo-US magazines and she does a lot of online mentoring for students appearing for CISA, CISM examinations. Ms. Sikdar gives online consulting for US and South Africa regions on third party assurance, secure infrastructure building, writing of security policies and rolling out an information systems management system in line with ISO 27001 and ISO 22301 standards. As subject matter expert, she is consulted for complex IT audit and control assignments and she is involved in risk assessments and gap analysis for her clients in India.