IT Compliance and Controls

HITECH and HIPAA Security and Privacy safeguards have been evolving over the past 14 years.  Today a large amount of information has been provided outlining guidance for Medical providers.  Specifically 2 rules outling how to qualify for the federal incentive program for electronic health records was released today (July 13, 2010) (though not in [...]

[Read more →]

A report released this month has identified one single group that is responsible for 2/3 of ALL global phishing attacks.  This is a tremendous task and requires a exceedingly large amount of sophistication.  A telling quote from the report (available here) gives a bit of background:
Central to Avalanche’s success is its use of fast-flux botnets [...]

[Read more →]

A great amount of efficiencies exist in the Cloud solution model, but the savings can be wasted through management waste, lax business support services, and insufficient information technology controls.  Vivek Kundra (United States Government Federal CIO) gave a presentation to the Brookings Institution on how Clouds will be a central [...]

[Read more →]

A web cast by Deloitte accompanied with a poll has provided some interesting data points on the state of data governance within businesses.  On the heels of this web cast and poll results I have also added some insight from my field experience and general personal impressions.  Interesting facts include:

The definition of Data Governance is [...]

[Read more →]

The FTC sent out letters to nearly 100 organizations advising that customer and / or employee data that is protected by United States’ laws were widely available online.  The release of such information is not new to most - given the early days of Napster when entire hard drives were shared and Quickbook files and [...]

[Read more →]

According to a recent examination by global professionals relating to the failure of risk management controls with respect to financial exposures many of the failures can be attributed to very specific technology failures.  This does not excuse the vast amount of other shortfalls, and apply blame as you see fit arguments.  It does highlight that [...]

[Read more →]

In the past five years of delivering work that has been focused on aligning and enhancing corporations against contractual agreements, operational requirements, and risks - today officially classified as Governance, Risk and Compliance (or GRC) through technology I have seen real returns for my clients.  While these improvements happen immediately, the real rewards are realized [...]

[Read more →]

An incredible trend is happening in the “for contract” market  - specifically the for hire programmers.  oDesk and eLance both show dramatic upticks in the amount of work being posted and delivered on the site (nice article here on the growth).  oDesk alone is tracking about 100,000 hours a week of work, or nearly $65 [...]

[Read more →]

As the economies around the world remain challenged by the economic environment, the propensity for fraud is significantly higher.  One may speculate that fraud is consistent but only our sensitivity shifts between good and bad times.  Whichever school of thought you support is a matter of risk perspective, and quite irrelevant today.
Fraud is up on [...]

[Read more →]

As friends know, I have been launching businesses for the past few years with varied success and feelings about venture capitalists.  The summation is the common “chicken and egg problem”.  Meaning most investors that do not understand a new technology, or paradigm shifting solutions the investor(s) seek to see the solution working.  The inventor and [...]

[Read more →]