Is IT Compliance A Profession? A Workshop on Refining Our Common Body of Knowledge, Skills and Ethics - PowerPoint PPT Presentation

About This Presentation

Slides: 21
Provided by: pdac4
Transcript and Presenter's Notes

1
Is IT Compliance A Profession? A Workshop on
Refining Our Common Body of Knowledge, Skills and
Ethics
  • Peter T. Davis, Principal, Peter Davis Associates

2
The Need
  • Is compliance a profession or a job?
  • Is there a need for a certification?
  • Should the ITCi offer the certification?
  • Or should they partner with someone else?

3
Professional Requirements
  • Professions require
  • Code of Ethics
  • Body of Knowledge
  • Testing on the body of knowledge
  • Regulation

4
Qualifications
  • Experience
  • Years
  • Disciplines
  • Exam
  • Code of Ethics
  • Sponsor
  • Grandfathering?

5
COMPBOK
  • What is included in the Body of Knowledge?
  • What will we call it?
  • Do you think people would respond to a survey on
    job specifications?
  • Should ITCi go for ANSI certification?

6
Suggested Table of Contents
  • Management principles
  • IT Governance
  • Laws and regulations
  • Records management
  • Ethics
  • Security
  • Privacy
  • Risk management
  • Control self-assessment
  • Investigations
  • Performance management

7
Management Principles
  • Processes and Business process mapping
  • Controls and testing
  • Plan → Organize → Staff → Direct → Control, and PDCA/PDSA
    and DMAIC/DMADV
  • Organizational and committee structure
  • Marketing influence without authority
  • Budgeting
  • Awareness and training
  • Policy framework

8
IT Governance
  • COBIT
  • ITIL
  • ISO 27000
  • M_o_R
  • CRAMM
  • MSP
  • PMBOK
  • PRINCE2
  • CMMI
  • Six Sigma

9
Laws and Regulations
  • Legal concepts, e.g., evidence, eDiscovery
  • Which ones?
  • SOX/Bill 198
  • HIPAA
  • GLBA
  • PCI DSS
  • Privacy
  • Electronic evidence, e.g., FRCP

10
Records Management
  • Legal requirements
  • Guidelines
  • Record retention policy
  • Retention schedules
  • Enabling technologies

11
Ethics
  • Tone at the Top
  • Legal and regulatory requirements
  • Ethics topics
  • Ethical fallacies and dilemmas
  • Code of Conduct
  • Ethics plan

12
Security
  • CIA
  • Compliance tools

13
Privacy
  • Concepts
  • Privacy enhancing technologies, i.e., PET

14
Risk Management
  • Concepts
  • Definitions
  • Process
  • Quantitative vs. qualitative

15
Control Self-Assessment
  • Concepts
  • Techniques
  • Surveys

16
Investigations
  • Organization
  • Incident handling
  • Forensics
  • Reporting

17
Performance Management
  • Process
  • Definitions
  • Metrics
  • Reporting
  • Maturity model?

18
Solicitation
  • Would you like to help?

19
Questions and Answers

20
Contact Information
Peter T. Davis, Principal, Peter Davis Associates
ptdavis@pdaconsulting.com
416-907-4041
Please Complete Your Session Evaluation