• 13May


    Wireless solutions can significantly strengthen your company’s business continuity planning in the event of an emergency - while reducing the costs associated with an interruption of business. The BlackBerry® for Investments White Paper, Improving Communication in Emergency Situations: Mobile Business Continuity Planning, analyzes the extensive benefits of having a fail-safe method of communication in a crisis situation. With BlackBerry smartphones, financial professionals will be able to maintain communication with clients, locate colleagues and employees, deliver alerts and notifications, and instantly update data, while ensuring it is secure and confidential. Take advantage of our research by downloading and reading the white paper, to ensure that your clients and colleagues are well protected and able to communicate if there is a power outage, severe weather or other threat. To learn more about enhancing your Business Continuity Plan, read the BlackBerry for Investments White Paper.


  • 12May

    We peruse the Internet headlines so you don’t have to. Here are the recent SOX and GRC headlines (and links) we felt are newsworthy:

    PCAOB Reports on Ernst & Young Audit Problems - The Public Company Accounting Oversight Board found problems with four audits conducted by Ernst & Young in its latest inspection report.

    Audit Board Finds Fault with BDO Seidman - The accounting firm should have done more work to support its audit opinions for five of its clients, according to the PCAOB.

    Stryker Corp raises spending in quality, compliance - It plans to spend $50 million in 2008 to improve its quality and compliance as it works to resolve issues with federal health regulators.

    IRS E-Crimes Program Needs Better Controls - E-Crimes has not established some common and necessary internal controls over digital evidence seized during investigations.

    FEI Survey: Average 2007 SOX Compliance Cost $1.7 Million - Financial Executives International (FEI) announced today the results of its seventh Sarbanes-Oxley compliance survey, which found that Section 404 compliance cost Corporate America less in year four of adoption than in each of the first three years.

    Risk climbs to top of corporate to-do list - Subprime losses spawn board-level risk committees. Sign of the times: Hot job title is Chief Risk Officer.

    Accounting Degrees Reach 36-Year High - Hiring by firms in 2006-2007 shot up 83 percent over the previous three years, according to the report. Sixty-seven percent of the firms that responded to the AICPA survey anticipate they will continue to increase their hiring.

    US audit watchdog eyeing hard-to-value securities - U.S. banks and other companies have struggled with valuing securities linked to the subprime mortgage crisis and Wall Street has been forced to write down billions of dollars in related losses in recent months.



  • 09May

     

    April 22, 2008, Network World — Researchers are touting an innovative cryptography method they’ve developed called "functional encryption," which, though largely untested in the real world, one day could have an impact on how enterprise data is encrypted, stored and decrypted.

    UCLA associate professor Amit Sahai, who has worked with UCLA computer-science alumnus Brent Waters on functional encryption for three years, says the technology lets an individual encrypt data in a way that lets people decrypt it only if they have the right "attributes."

    "The mathematical system will produce an encrypted record that only people matching the criteria can decrypt," says Sahai, who recently published a paper on functional encryption with Waters that was presented at last week’s Eurocrypt Conference. "To do this, you get a personalized key that expresses your attributes bound up in one key."

    In an enterprise environment, the attributes bound up in users’ encryption keys might be associated with just a name or also with the jobs they do that require restricted access to scrambled data in business, government or a university. "There could be a one-way decryption function used in many ways in both custom or Web applications, for example," Sahai says. Each personalized key, expressing the security attributes of what that person is permitted to view, would unlock only the appropriate encrypted data and nothing else.

    A user’s key would be able to decrypt scrambled data because the data, always stored in encrypted form, would recognize through a mathematical process the people holding the right key with the appropriate attribute associated with that data. "It’s through all this math packed into the message that the reader is recognized," says Sahai, who says functional encryption makes use of elliptic-curve encryption, which is seen as computationally efficient.

    Sahai says the hope is that the work he and his colleagues have done will one day improve server-based security. "We really want to make it so the server has no idea what it’s holding," he says. "Instead, we want to make sure the right people get the data, and this is through the mathematics itself."

    Although Sahai says his technology can’t properly be called digital-rights management, he says it could be viewed as a type of "privacy-rights management" based on the concept of a system public key. The challenge of devising a tool for functional encryption is not just the complex math but also making sure the system can withstand so-called "collusion attacks" to undermine its integrity, Sahai says.

    Earlier versions of a functional-encryption software tool were made public in the past at UCLA, and Sahai says he will soon make available a new version of the functional encryption tool for review so experts can test its efficacy.

    The paper will also be published in a forthcoming edition of the Journal of Cryptography. UCLA says the research into functional encryption has been funded in part by the National Science Foundation, the U.S. Army Research Office and the U.S. Dept of Homeland Security.