IT Compliance and Controls

Converging Business, Information, and Controls

IT Compliance and Controls header image 4

Entries Tagged as 'Technology Intelligence'

How to meet the intent of Regulations in a Virtualized world…

December 3rd, 2008 · No Comments

Today I had an interesting question posted to me… Are we doing the right thing with regards to our virtualization environment and our business mandates?  This sparked several hours of discussion, but a few points arose that I thought worthy of passing along. The first is recognition that a virtualized environment IS in fact different […]

[Read more →]

Tags: iso27001 · Risk Awareness · Technology Intelligence

Weak Principle Controls are Cause of Security Breaches

February 4th, 2008 · No Comments

Remediation and corrective action are part of the lessons learned when a negative event (security breach, fraud, etc…) occurs within an organization.  It is regarded as best practice to learn from one’s own mistakes, and an even better practice to learn from OTHER’s mistakes.  In either case understanding what controls may address the situation on […]

[Read more →]

Tags: Access and Authorization · Identity Theft · iso27001 · Logical Access · PCI · Physical Access · Risk Awareness · Technology Intelligence

Settled Identity Theft Complaints with the FTC

January 31st, 2008 · No Comments

A constant challenge for organizations is measuring the potential impact and consequences of mandated regulations. The weighting of compliance initiatives based on such consequences is not best practice, but is common. The need to demonstrate a true cost benefit analysis is dependent upon, in part, to the actual follow through and enforcement of requirements by […]

[Read more →]

Tags: FTC · GLBA · Identity Theft · Risk Awareness · Technology Intelligence · Technology Strategy Orchestration

Sensitive Information includes Internet Addresses, EU Data Privacy Group

January 25th, 2008 · No Comments

Personally Identifiable Information is defined differently by each industry, country, and region. Companies must have information intelligence practices in place that account for these types of information, and means of classifying and protecting. Such information in the U.S. varies by jurisdiction, but can include medical records, financial information, and now perhaps in the EU your […]

[Read more →]

Tags: Human Resources · Monitoring and Performance Reviews · Policy and Procedures · Risk Awareness · Technology Intelligence

CIA: Energy Infrastructure Attacked

January 24th, 2008 · No Comments

In my book, IT Compliance and Controls, I highlight the importance of the energy infrastructure, and the risks that these systems face given their newly interconnectedness. To highlight the relevant points from the book – the energy infrastructures of the world support the medical, HVAC, security, and financial systems of our economies. The loss of […]

[Read more →]

Tags: Access and Authorization · Application Controls · Incident Response Capability · Logical Access · Monitoring and Performance Reviews · Physical Access · Sustain Operations · Technology Intelligence · Trusted Computing Platform Systems

Best E-Discovery Tools, Providers, and Trends

January 17th, 2008 · No Comments

The annual 2007 Socha-Gelbmann Electronic Discovery Survey has been released and is a great resource for vetting your current internal approach to managing data, and providing a quick guide for establishing a relationship based on industry opinion. Interesting facts include – market share, expertise in legal aspects of e-discovery, tools, and more.  A prime component […]

[Read more →]

Tags: Incident Response Capability · Monitoring and Performance Reviews · Security and Assurance · Technology Intelligence

News Beat: Technology Integration on the radar

January 14th, 2008 · No Comments

A quick news bite on a topic I similarly covered at the PCI DSS focused site was posted at Bank Systems and Technology.  Highlights the importance and challenge faced by organizations when they conduct M&A deals.  This article specifically covers the recent purchase by BofA for Countrywide. Check out the Article Here. Warning, they have […]

[Read more →]

Tags: Direcitonal Alignment · Risk Awareness · Technology Intelligence · Technology Strategy Orchestration

Fraud and SAS 99

December 17th, 2007 · 2 Comments

There are three conditions (that are in line with the ACFE Fraud Triangle) that are present where fraud exists – incentives, opportunities, and rationalizations.  These breakdown as: Incentives – Perpetrator is under pressure or receives a benefit from action (ex: default mortgage) Opportunity – Capability to execute fraud (ex: low possibility of detection, no controls, […]

[Read more →]

Tags: Monitoring and Performance Reviews · Policy and Procedures · Risk Awareness · Technology Intelligence · Tone at the Top

Global Impact of Corporate Espionage – a focus on China and U.S. Companies

December 11th, 2007 · No Comments

An eye opening report was put forth by the U.S. government (USCC) that focused on the political impact of China on the United States.  The report covered currency, pollution, censorship, information technology, competition, supply-chain concerns, and recommended actions.  The report is an important read to every business executive as a whole given the economic importance […]

[Read more →]

Tags: Monitoring and Performance Reviews · Risk Awareness · Technology Intelligence · Trusted Communications and Network · Trusted Computing Platform Systems

Big Business Compliance and Controls Reports released today…

September 27th, 2007 · No Comments

It seems that these past few days everyone is releasing a study or report surrounding business compliance and controls. Each has very valuable information and is definitely worth the download and read. I have included each below, and will add as new ones come out (if any) tomorrow). The biggest takeaways of these reports should […]

[Read more →]

Tags: Direcitonal Alignment · Policy and Procedures · Risk Awareness · Sustain Operations · Technology Intelligence · Technology Strategy Orchestration