SF - 1.06.0 - Financial Frameworks
The financial industry and community have a more mature practice of risk analysis than we do in the comparatively new information security community, so some of the financial industry's frameworks are often used as security frameworks when dealing with risk analysis. These include the Sarbanes-Oxley law in the United States, the COSO standard (again from the United States), and the series of Basel international agreements.
(You have to think that the framers of the Sarbanes-Oxley law were having a bit of fun. The two salient sections of the act are section 404 and section 302. These are, of course, the return codes for "file not found" and "file found" results in HTTP.)
The reliability of reported finances is the primary purpose of these financial frameworks, but this relates quite directly to information systems, since information systems are generally the source of the financial reports.
These frameworks also deal with internal controls, and internal controls are a major component of information system controls.
These controls also address the problem of insider attack and fraud. This is an ongoing and fairly intractable problem, and these controls are one of the major sources of protection against it.
We will consider COSO in more detail at a later point in this material.
Security frameworks (SF) series:
Introduction and ToC: https://fibrecookery.blogspot.com/2026/06/security-frameworks-sf-0000-intro-and.html
Next: TBA