• 26Jun

    Top Compliance News

    First ever HHS HIPAA audit questions detailed  

    Auditors inspect hospital’s policies and procedures on 42 IT security topics

    http://www.itcinstitute.com/info.aspx?id=40041

    VA puts aside $20 million to cover latest data breach

    Missing hard drive holds information on nearly every US doctor

    http://www.itcinstitute.com/info.aspx?id=40042

    Supreme Court upholds strict standard of proof for corporate fraud

    Private Securities Litigation Reform Act upheld, "cogent and compelling" burden of proof stands

    http://www.itcinstitute.com/info.aspx?id=40043

    French ban BlackBerries

    National security concerns cite fear of data interception

    http://www.itcinstitute.com/info.aspx?id=40044

    Mpack exploit causing massive Web site infections

    Victims in Europe and the US infected with a keylogger on their machines

    http://www.itcinstitute.com/info.aspx?id=40045

    RegulationWatch

    Wall Street regulators offer new electronic message guidelines

    Electronic messages that cannot be monitored should be blocked

    http://www.itcinstitute.com/info.aspx?id=40046

    White House circumvented e-mail preservation law

    Staffers defied the law by using Republican National Committee e-mail

    http://www.itcinstitute.com/info.aspx?id=40047

    Federal agencies skating on FISMA

    Complying with FISMA does not equate to better security, according to GAO

    http://www.itcinstitute.com/info.aspx?id=40048

    SEC seeks additional comment on upcoming AS5

    Clarifying "materiality" and "material weakness" is a priority

    http://www.itcinstitute.com/info.aspx?id=40049


    New Research

    IT professionals confess they are unequipped to handle a data breach

    Many divulge they can neither detect a breach nor notify victims

    http://www.itcinstitute.com/info.aspx?id=40050

    Use of real data to test payment card systems risks privacy and security

    No valid test data exists, forcing merchants to use real customer data

    http://www.itcinstitute.com/info.aspx?id=40051

    IT headaches are a major time sink for business managers

    Business managers spend more than 10 percent of their time on IT-related crises

    http://www.itcinstitute.com/info.aspx?id=40052

    Phishing up while spam stays static

    Study reveals a 784 percent rise in phishing Web sites in first quarter of 2007

    http://www.itcinstitute.com/info.aspx?id=40053

    ProsecutionWATCH

    AOL phisher nets six years of prison

    First person convicted under the CAN-SPAM Act gets a six-year jail sentence

    http://www.itcinstitute.com/info.aspx?id=40054

    Former Enron Broadband CEO gets two years of prison

    Enron internet chief faces 27 months in jail and a $15 million fine

    http://www.itcinstitute.com/info.aspx?id=40055

    Four banks charged in Parmalat collapse

    Citigroup, UBS AG, Deutsche Bank AG, and Morgan Stanley face market-rigging charges

    http://www.itcinstitute.com/info.aspx?id=40056

    Los Alamos National Laboratory accused of security breach

    Los Alamos contractor sent nuclear secrets by unencrypted e-mail

    http://www.itcinstitute.com/info.aspx?id=40057

    Filed under: Compliance Management
  • 13Jun

    Framing Your Choices: Weighing Three Risk Management Frameworks

    Business can’t survive without taking risks, but those risks must be balanced against opportunities. Risk management frameworks can offer guidance in setting up best practices around enterprise risk management—but the popular COSO shouldn’t be considered the only game in town.

    By Linda L. Briggs

    Risk management is a red-hot topic in business today, which means that risk management frameworks and standards are also in vogue. As is often true in business, one framework has captured most of the attention, and consequently the mindshare, of US businesses working to get a handle on their risk strategies. That framework is COSO's Enterprise Risk Management – Integrated Framework, commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), written by PricewaterhouseCoopers, and published in 2004 as an extension of the internal control framework COSO first issued in 1992. Since its publication, and especially recently, it has been widely accepted by companies looking for best-practice guidance around business risk.

    But a strong alternative to COSO is offered by a newer risk management framework conceived half a world away: AS/NZS 4360:2004, the Australia and New Zealand Risk Management Standard. AS/NZS 4360 avoids some of COSO's weaknesses and assesses risk in a more mature and flexible manner. A third, little-known enterprise risk management framework that also offers a potential alternative to COSO is M_o_R (Management of Risk), from the UK's Office of Government Commerce (OGC).

    Rather than letting the market make your decision by default, consider taking a closer look at all three of these comprehensive risk management frameworks. We outline them here, along with additional resources so you can make your own choice.

    (And lest you think we’re overlooking options like CobiT, ITIL, and ISO 27002, we’ll look at those in a second article that examines risk assessment frameworks and standards.)


    Filed under: Compliance Management, Risk Management
  • 08Jun

    Managing Compliance Standards

    How Far Will Sarbox Stretch?

    Sarbox isn’t just for Wall Street anymore. Interesting cases involving pornography and illegal waste dumping from a tanker are testing the regulation. We don’t think Sarbox fits the pornography case — the prosecutor seems to be grasping at straws — but we won’t pretend to know all the facts, either.

    Ironically, at the same time that U.S. companies are adjusting to new — and easier — Sarbox 404 implementation guidelines, prosecutors in Connecticut are working to secure a conviction under Sarbox in a surprising set of circumstances.


    AT IT BUSINESS EDGE:
    • Sarbox Extension for Small Businesses Still Possible?
    • London Stock Exchange Looking for New U.S. Listings
    • FCC Homes in on Better Cellular 911

    :: INSIGHTS FROM AROUND THE WEB ::

    • David Welch Still Feeling Effects of Blowing Whistle :: CFO.com
    • ICI Blames Sarbox for Its NYSE Delisting :: AccountancyAge
    • Office of Advocacy Backs Sarbox Extensions for SMBs :: Kansas City Infozine
    • Sarbox Used to Charge Lawyer with Obstruction :: Greenwich Time
    • FCC Moves to Improve Emergency Calls from Cell Phones :: ZDNet

    Filed under: General
© 2010 Radian Compliance, LLC. All Rights Reserved.