IT Compliance and Controls

Converging Business, Information, and Controls

Entries from February 2008

Globalized Risks to Operations, case in point: Google’s YouTube and Pakistan

February 26th, 2008 · No Comments

On Sunday a foreign government enforced its sovereign right to censor its citizens, and consequently caused a global outage (2 hours) of the most popular video site on the planet, run by the most sophisticated global internet company – Google. The lessons here resonate with the need for organizations to consider all aspects of risk […]

Tags: Incident Response Capability · Monitoring and Performance Reviews · Operations Resiliency · Risk Awareness · Sustain Operations · Trusted Communications and Network

Article: Blackmail payments for stolen client data

February 21st, 2008 · No Comments

Yesterday I highlighted that organizations must consider the value of information based on the party that possesses it, i.e. if the information was made available to anyone – what could they do and how bad would the impact be to your organization? Today’s Wall Street Journal had an article entitled “Another Liechtenstein Bank Suffers Theft […]

Tags: Fraud · Human Resources · Identity Theft · Risk Awareness

Intellectual Assets: News items on Espionage & Public Dissemination of Data

February 20th, 2008 · 1 Comment

Intellectual property for an organization can vary between trade secrets (i.e. the ‘secret sauce recipe’) and customer-specific data. Every organization must classify information appropriately based on their own usage of the data, governing laws, and best practices. Two recent examples caught my attention as examples where data was compromised and the effects. The first […]

Tags: Access and Authorization · Human Resources · Logical Access · Monitoring and Performance Reviews · Risk Awareness

Broken Internet Connections disconnect two continents

February 11th, 2008 · 1 Comment

The criticality of the Internet has grown exponentially. Consumers rely on Internet-based applications (or RIA) for everything from email, CRM, ERP, publishing – and this online portal. Businesses have generally transitioned from dedicated frame relays and leased lines to VPN tunnels through the Internet (link to Cisco Whitepaper). The efficiency gained by organizations sourcing […]

Tags: Incident Response Capability · Monitoring and Performance Reviews · Operations Resiliency · Risk Awareness · Sustain Operations · Trusted Communications and Network

Weak Principle Controls are Cause of Security Breaches

February 4th, 2008 · No Comments

Remediation and corrective action are part of the lessons learned when a negative event (security breach, fraud, etc.) occurs within an organization. It is regarded as best practice to learn from one’s own mistakes, and an even better practice to learn from OTHERS’ mistakes. In either case understanding what controls may address the situation on […]

Tags: Access and Authorization · Identity Theft · iso27001 · Logical Access · PCI · Physical Access · Risk Awareness · Technology Intelligence