IT Compliance and Controls

Converging Business, Information, and Controls

IT Compliance and Controls header image 4

Entries Tagged as 'Identity Theft'

Article: Blackmail payments for stolen client data

February 21st, 2008 · No Comments

Yesterday I highlighted that organizations must consider the value of information based on the party that possesses it, i.e. If the information was made available to anyone – what could they do and how bad would the impact be to your organization? Today’s Wall Street Journal had an article entitled “Another Liechtenstein Bank Suffers Theft […]

[Read more →]

Tags: Fraud · Human Resources · Identity Theft · Risk Awareness

Weak Principle Controls are Cause of Security Breaches

February 4th, 2008 · No Comments

Remediation and corrective action are part of the lessons learned when a negative event (security breach, fraud, etc…) occurs within an organization.  It is regarded as best practice to learn from one’s own mistakes, and an even better practice to learn from OTHER’s mistakes.  In either case understanding what controls may address the situation on […]

[Read more →]

Tags: Access and Authorization · Identity Theft · iso27001 · Logical Access · PCI · Physical Access · Risk Awareness · Technology Intelligence

Settled Identity Theft Complaints with the FTC

January 31st, 2008 · No Comments

A constant challenge for organizations is measuring the potential impact and consequences of mandated regulations. The weighting of compliance initiatives based on such consequences is not best practice, but is common. The need to demonstrate a true cost benefit analysis is dependent upon, in part, to the actual follow through and enforcement of requirements by […]

[Read more →]

Tags: FTC · GLBA · Identity Theft · Risk Awareness · Technology Intelligence · Technology Strategy Orchestration