The Maturation of Controls Self - Assessments

by Timothy Salka
Sept. 1, 2017 0 comments SANS Institute Pen Testing & Audits compliance

This topic is appropriate for the Global Security Leadership Certification because it provides IT leaders with practical information and historical references. This paper provides the history of why compliance and controls are a necessary part of society and business. It will also provide the origins of the control self-assessment process and the detail needed to create, manage and mature a control self-assessment program. It also addresses how to demonstrate to senior management their ability to add value, reduce expenses, maintain innovation, and improve customer acceptance, while increasing the overall security posture of an organization. Additionally, I demonstrate a direct correlation between strong business performance and the existence of a well-managed controls program. Gulf Canada determined that their best performing businesses had management teams that embraced the integration of local controls into their business processes. These controls directly impacted the productivi...