 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ |
The
purpose of assurance is to establish confidence that
|
|
|
you
can protect things of value.
|
|
|
| ¨ |
Many
types of value:
|
|
|
|
– |
Protect
because you think valuable
|
|
|
|
– |
Protect
because your customer thinks valuable
|
|
|
|
– |
Protect
to meet legal requirements (HIPPA, EU Privacy, DMCA)
|
|
|
– |
Protect
because of contract requirements
|
|
|
| ¨ |
Each
of these introduces different requirements, different
|
|
|
types
of exposure, and different “remedies” for failure.
|
|
|
| ¨ |
Protection
is a cost/benefit tradeoff
|
|
|
|
– |
There
is no such thing as perfect protection; only reasonable
|
|
|
dilligence.
|
|