
Archive for June, 2007

Top Compliance News

Tuesday, June 26th, 2007

First ever HHS HIPAA audit questions detailed

Auditors inspect hospital’s policies and procedures on 42 IT security topics

http://www.itcinstitute.com/info.aspx?id=40041

VA puts aside $20 MM to cover latest data breach

Missing hard drive holds information on nearly every US doctor

http://www.itcinstitute.com/info.aspx?id=40042

Supreme Court upholds strict standard of proof for corporate fraud

Private Securities Litigation Reform Act upheld, "cogent and compelling" burden of proof stands

http://www.itcinstitute.com/info.aspx?id=40043

French ban BlackBerries

National security concerns cite fear of data interception

http://www.itcinstitute.com/info.aspx?id=40044

Mpack exploit causing massive Web site infections

Victims in Europe and the US infected with a keylogger on their machines

http://www.itcinstitute.com/info.aspx?id=40045

RegulationWatch

Wall Street regulators offer new electronic message guidelines

Electronic messages that cannot be monitored should be blocked

http://www.itcinstitute.com/info.aspx?id=40046

White House circumvented e-mail preservation law

Staffers defied the law by using Republican National Committee e-mail

http://www.itcinstitute.com/info.aspx?id=40047

Federal agencies skating on FISMA

Complying with FISMA does not equate to better security, according to GAO

http://www.itcinstitute.com/info.aspx?id=40048

SEC seeks additional comment on upcoming AS5

Clarifying "materiality" and "material weakness" is a priority

http://www.itcinstitute.com/info.aspx?id=40049


New Research

IT professionals confess they are unequipped to handle a data breach

Many divulge they can neither detect a breach nor notify victims

http://www.itcinstitute.com/info.aspx?id=40050

Use of real data to test payment card systems risks privacy and security

No valid test data exists, forcing merchants to use real customer data

http://www.itcinstitute.com/info.aspx?id=40051

IT headaches are a major time sink for business managers

Business managers spend more than 10 percent of their time on IT-related crises

http://www.itcinstitute.com/info.aspx?id=40052

Phishing up while spam stays static

Study reveals a 784 percent rise in phishing Web sites in first quarter of 2007

http://www.itcinstitute.com/info.aspx?id=40053

ProsecutionWATCH

AOL phisher nets six years of prison

First person convicted under the CAN-SPAM Act gets a six-year jail sentence

http://www.itcinstitute.com/info.aspx?id=40054

Former Enron Broadband CEO gets two years of prison

Enron internet chief faces 27 months in jail and $15MM fine

http://www.itcinstitute.com/info.aspx?id=40055

Four banks charged in Parmalat collapse

Citigroup, UBS AG, Deutsche Bank AG, and Morgan Stanley face market-rigging charges

http://www.itcinstitute.com/info.aspx?id=40056

Los Alamos National Laboratory accused of security breach

Los Alamos contractor sent nuclear secrets by unencrypted e-mail

http://www.itcinstitute.com/info.aspx?id=40057

Framing Your Choices: Weighing Three Risk Management Frameworks

Wednesday, June 13th, 2007

Business can’t survive without taking risks, but those risks must be balanced against opportunities. Risk management frameworks can offer guidance in setting up best practices around enterprise risk management—but the popular COSO shouldn’t be considered the only game in town.

By Linda L. Briggs

Risk management is a red-hot topic in business today, which means that risk management frameworks and standards are also in vogue. As is often true in business, one framework has captured most of the attention, and consequently the mindshare, of US businesses working to get a handle on their risk strategies. That framework is COSO Enterprise Risk Management – Integrated Framework, an enterprise risk management framework commissioned in the early 1990s by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and written by PricewaterhouseCoopers. In the years since its development, and especially recently, COSO Enterprise Risk Management – Integrated Framework has been widely accepted by companies looking for best process guidance around business risk.

But a strong alternative to COSO is offered by a newer risk management framework conceived half a world away: AS/NZS 4360:2004, the Australia and New Zealand Risk Management Standard. AS/NZS 4360 avoids some of COSO’s weaknesses and assesses risk in a more mature and flexible manner. A third, little-known enterprise risk management framework that has garnered little attention but offers a potential alternative to COSO is M_o_R (Management of Risk), from the UK’s Office of Government Commerce (OGC).

Rather than letting the market make your decision by default, consider taking a closer look at all three of these comprehensive risk management frameworks. We outline them here, along with additional resources so you can make your own choice.

(And lest you think we’re overlooking options like CobiT, ITIL, and ISO 27002, we’ll look at those in a second article that examines risk assessment frameworks and standards.)

READ MORE

Managing Compliance Standards

Friday, June 8th, 2007

How Far Will Sarbox Stretch?

Sarbox isn’t just for Wall Street anymore. Interesting cases involving pornography and illegal waste dumping from a tanker are testing the regulation. We don’t think Sarbox fits the pornography case — the prosecutor seems to be grasping at straws — but we won’t pretend to know all the facts, either.

Ironically, at the same time that U.S. companies are adjusting to new — and easier — Sarbox 404 implementation guidelines, prosecutors in Connecticut are working to secure a conviction under Sarbox in a surprising set of circumstances.


AT IT BUSINESS EDGE:
Sarbox Extension for Small Businesses Still Possible?
London Stock Exchange Looking for New U.S. Listings
FCC Homes in on Better Cellular 911

:: INSIGHTS FROM AROUND THE WEB ::

David Welch Still Feeling Effects of Blowing Whistle :: CFO.com

ICI Blames Sarbox for Its NYSE Delisting :: AccountancyAge

Office of Advocacy Backs Sarbox Extensions for SMBs :: Kansas City Infozine

Sarbox Used to Charge Lawyer with Obstruction :: Greenwich Time

FCC Moves to Improve Emergency Calls from Cell Phones :: ZDNet
