Press Releases
Understanding, experience and technology for success

Home > Press & News > Press Releases


Building an Effective Information Security Audit Program

Practical strategies to enable organizations to identify, monitor, and mitigate information security risks

The advent of cloud computing, social and mobility tools, and advanced technologies have brought in new security challenges and risks for organizations, both internally and externally. A recent study revealed that 31 percent of organizations experienced a higher number of information security incidents in the past two years, 77 percent of the respondents agreed that there has been an increase in risks from external attacks and 46 percent saw a rise in internal vulnerabilities, and over 51 percent of organizations reported plans to increase their budget by more than 5 percent in the next year.

Organizations are realizing the frequency and complexity of risks and the need to redefine and restructure their information security programs to counteract threats related to the accessibility, confidentiality and integrity of business information. But to ensure that their information security program is effective, they need to implement a robust information security audit program. Besides helping organizations to identify, monitor, and control information risks, an information security audit program enables organizations to gauge the effectiveness and consistency of their information security programs and processes, thus equipping them to respond to and address emerging threats and risks.

In this discussion, internal audit veteran, Dan Swanson, President and Chief Executive Officer of Dan Swanson and Associates, will join Yo Delmar, Vice President of GRC Solutions at MetricStream, to provide valuable insights on establishing an effective information security audit program in an evolving threat landscape, and strategies that organizations can employ to:

  • Evaluate their information security program and defense-in-depth strategy through an effective audit approach
  • Link information security audit to the risk and control framework
  • Report information security audit findings to the board

Join the webinar
The webinar is scheduled to take place on Tuesday, November 20 2012, at 11 am Eastern Time. To register for this event, and know more about the webinar and speakers please click here.

About MetricStream
MetricStream is a market leader in Enterprise-wide Governance, Risk, Compliance (GRC) and Quality Management Solutions for global corporations. MetricStream solutions are used by leading corporations such as UBS, P&G, Constellation Energy, Pfizer, Philips, BAE Systems, Twitter, SanDisk, Cummins and Sonic Automotive in diverse industries such as Financial Services, Healthcare, Life Sciences, Energy and Utilities, Food, Retail, CPG, Government, Hi-tech and Manufacturing to manage their risk management, quality processes, regulatory and industry-mandated compliance and corporate governance initiatives, as well as several million compliance professionals worldwide via the portal. MetricStream is headquartered in Palo Alto, California and can be reached at

Media contact: