1. Our class focuses on integrating several aspects of information security/assurance. Part of an overall integrated approach to achieving a comprehensive information assurance program is compliance management. As you are aware there are a number of government regulations that affect both the public and private sector. Please read Learn the Science of Compliance.pdf. The author makes a strong case for centralized management of IT compliance and the use of software tools to assist in managing compliance programs.
You are the CISO of a large private financial company that is traded on the NY Stock Exchange. You were tasked by the the CIO to develop an IT compliance management program for your organization. What approach would you take to develop such a program? What regulations impact the organization? Would you consider the use of a compliance tool? If so which one and how would you justify the expense?
Remember to cite your sources and to give a complete answer to the questions posed above.
2. Wachovia case study
Read the Wachovia Case Study located here, http://gilbane.com/case_studies_pdf/CTW_Wachovia_Final.pdf#_Toc88022904.
Now, select five of the most important concepts that you identified that contributed to the success of integration of IT capabilities. Explain why you chose each one.
After watching the two videos on Vulnerability Assessment, http://www.youtube.com/watch?v=EXyl0re1MZs and http://www.youtube.com/watch?v=GqhdQ6I6dMA, how can you use this methodology to combat risk? Describe a situation where you would use it and why? What challenges would you face in using it?