IT Compliance and Controls

Remediation and corrective action are part of the lessons learned when a negative event (security breach, fraud, etc…) occurs within an organization.  It is regarded as best practice to learn from one’s own mistakes, and an even better practice to learn from OTHER’s mistakes.  In either case understanding what controls may address the situation on [...]

[Read more →]

A constant challenge for organizations is measuring the potential impact and consequences of mandated regulations. The weighting of compliance initiatives based on such consequences is not best practice, but is common. The need to demonstrate a true cost benefit analysis is dependent upon, in part, to the actual follow through and enforcement of requirements by [...]

[Read more →]

The need for organizations to define and communicate effective policies and procedures resonates around the globe, and is strongly supported by such governance organizations to include the WTO, The World Bank, OCEG, and the OECD, to name but a few. A first, but essential, step to ensuring appropriate controls and operational efficiency is the defining [...]

[Read more →]

Personally Identifiable Information is defined differently by each industry, country, and region. Companies must have information intelligence practices in place that account for these types of information, and means of classifying and protecting. Such information in the U.S. varies by jurisdiction, but can include medical records, financial information, and now perhaps in the EU your [...]

[Read more →]

A quick news bite on a topic I similarly covered at the PCI DSS focused site was posted at Bank Systems and Technology.  Highlights the importance and challenge faced by organizations when they conduct M&A deals.  This article specifically covers the recent purchase by BofA for Countrywide. Check out the Article Here. Warning, they have [...]

[Read more →]

There are three conditions (that are in line with the ACFE Fraud Triangle) that are present where fraud exists – incentives, opportunities, and rationalizations.  These breakdown as: Incentives – Perpetrator is under pressure or receives a benefit from action (ex: default mortgage) Opportunity – Capability to execute fraud (ex: low possibility of detection, no controls, [...]

[Read more →]

An eye opening report was put forth by the U.S. government (USCC) that focused on the political impact of China on the United States.  The report covered currency, pollution, censorship, information technology, competition, supply-chain concerns, and recommended actions.  The report is an important read to every business executive as a whole given the economic importance [...]

[Read more →]

It seems that these past few days everyone is releasing a study or report surrounding business compliance and controls. Each has very valuable information and is definitely worth the download and read. I have included each below, and will add as new ones come out (if any) tomorrow). The biggest takeaways of these reports should [...]

[Read more →]

The generous conference organizers at this years “Hack In The Box Security Conference Series” Malaysia (September 3-6) have posted the full presentations for anyone to download and enjoy. This is an excellent resource for extending your knowledge and leveraging the leading thought leaders in security. My favorite reads include Andrew Cushman’s “State of Security“, Martin [...]

[Read more →]