Companies using multiple business applications struggle with keeping track of which employees have access to each of these systems. The access rights an employee has in one application might not match the rights they have in another.
Establishing a unified plan that defines user roles and privileges, and tracking the roles assigned to each employee, can be a daunting task. Yet companies must understand their responsibilities and comply with applicable laws and regulations in order to avoid fines, not to mention the loss of company funds and intellectual property.
Following is a list of the primary standards that define the process of managing governance, risk, and security compliance:
- COBIT 2019 – IT process and governance framework published by the Information Systems Audit and Control Association (ISACA).
- The Risk IT Framework – Technology risk framework that aligns with COBIT, developed and maintained by ISACA.
- Risk Scenarios – Using COBIT 5 and Risk IT as the basis, this framework focuses on risk scenarios and Key Risk Indicators (KRIs).
- NIST – Information-security-focused standards from the National Institute of Standards and Technology.
- ISO 27001 – Information-security-focused standard from the International Organization for Standardization.
- COSO ERM – General framework that defines the components of Enterprise Risk Management (not specific to IT).
- PMBOK – Project Management Body of Knowledge from the Project Management Institute.
- ITIL – Information Technology Infrastructure Library, a framework focused on IT service delivery.
- IIA GTAG 11 – Guidance focused on IT audit planning from the Institute of Internal Auditors.
- Center for Internet Security (CIS) – A list of the top 20 critical security controls.
These standards will help your business assess its current level of risk and define the systems and processes it can put in place to control the company's exposure to risk in the future.
If you'd like to learn how to balance risk and data protection with cross-application security, join the on-demand session from GRC Days, presented by KPMG, "Applications, Risk Mitigation, And Compliance - A Balancing Act For Peak Business Performance".