Our Technology & Security Risk Services Library

Below are some publications that give an Ernst & Young perspective on various IT and risk services issues facing business today.

• Data governance
  Data governance plays a pivotal role in achieving regulatory compliance. This publication explores three current business priorities which in Ernst & Young's experience continue to prove challenging for many organisations to manage successfully.
  Data protection and privacy, documentation and records management and Freedom of Information Act compliance.
  A data governance framework will provide a sound platform for these imperatives, and this publication looks at the critical factors for a successful framework. 3.2Mb
• Underestimate MiFID testing at your peril
  With the 1st November deadline for the adoption of MiFID rapidly approaching, investment firms' IT organisations are working hard to ensure that systems are ready to handle the complex requirements of MiFID. 182Kb
• Web application testing
  The number of web application security breaches, with incidents involving the exposure of sensitive data and personal information, is on the increase. This paper explores the benefits of web application testing. 98Kb
• How do you manage your threats?
  Create a secure business using Penetration testing services
  Business demand for technology means organisations are vulnerable to attacks on information security. As the threats grow in frequency and sophistication, selecting and deploying effective countermeasures becomes increasingly challenging.
  How can management maintain a constant view of the significant risks to their organisation?

  Our answer is Penetration testing - rigorously and regularly - at both a technical and a business-focused level. Read about how Ernst & Young's Penetration testing services can significantly help manage your organisation's security. 1.3Mb

• Successful IT in High Performing Organisations: The impact on business growth
  New research from Ernst & Young reveals that though great progress is being made in delivering value from IT functions, there is still significant scope for improvement and potential to reap further benefits. In-depth discussions were held with 60 c-suite business and IT leaders in 46 leading organisations to learn lessons from those companies that succeed in delivering value from their IT function, to challenge assumptions and to generate new insights. 2.6Mb
• Profiting from Experience: Realising tangible business value from programme investment with Lessons Learned reviews
  Profiting from experience looks at why otherwise successful organisations fail to reap full value from programmes and projects by not learning the lessons from their experience. 321K
• Charting the Course
  At a time when accountability for business performance and risk is increasing for the board, nearly half of internal audit chiefs believe their company audit committees are failing to recognise the IT threats facing their organisations, says Ernst & Young. 441K, December 2004
• Defending the Digital Frontier
  New research from Ernst & Young published in Defending the Digital Frontier, reveals many companies are still failing to protect their information and other digital systems despite the widespread publicity given to the threat of computer crime. Read the executive guide and diagnostic. 243K
• Information Security Dashboards
  Simply securing information systems is no longer enough. Organisations need to be able to demonstrate that their systems and the information they contain are protected. An information security dashboard, providing a single page or single screen view on the state of information security, meets those requirements. This paper examines the challenges faced in developing a dashboard, how organisations are responding to them and how to approach creating an effective information security dashboard. 655K
• Unlocking the Value in Your Data
  Information lies at the heart of effective management. Access to the 'right' data will help deliver long term value for a business, and the impact on businesses that make decisions based on poor quality data could be significant. This paper explores Ernst & Young's approach to driving Data Quality Management. 126K
• COBIT Version 4.0 - Reframing the picture
  A new version of the industry standard on IT governance has expanded its ambitions and now provides firm guidance to management as well. In this paper, Ernst & Young assess the improvements to COBIT 4.0. 159K
• IT Risk Assessment: The need for an all-round view
  Many organisations struggle to achieve a successful risk management process. Ernst & Young explores the challenges facing IT Internal Audit in assessing IT risk and how to tackle them through applying a proven approach and framework to ensure the correct scope, alignment and repeatability of IT risk assessment across the organisation. 239K
• Focus on: Information Security – a boardroom imperative
  Effective information security requires boardroom commitment and direction if it is to be driven by business requirements and not just reaction to media headlines. Alarming gaps have been identified in some organisations’ approaches to information security. Find out how to ensure your security agenda is based on business requirements and not just reaction to media headlines. 170K, April 2002