Recent Industry Headlines
We peruse the Internet headlines so you don’t have to. Here are the recent SOX and GRC headlines (and links) we felt are newsworthy:
Bad Accounting Rules Helped Sink AIG - Call it the revenge of Enron.
Blame boards of directors for financial mess - Failure this broad and deep takes a village, and regulators, lawyers, compensation consultants, auditors, executives, shareholders, and the press all played a part. But the people who are most responsible for the massive meltdowns of these institutions are the boards of directors.
Oxley says Wall Street crisis could trigger new regulations - Just as the Enron and WorldCom scandals triggered new regulations governing how public companies keep their books, the current crisis on Wall Street may well result in a new level of oversight for those in the mortgage and financial industries.
Revenue Recognition Trips Up Auditors, Clients - Audit firms found deficient during PCAOB inspections usually accepted the way a client company had accounted for sales in the past, rather than checking for updates to the accounting rules.
Senators Protest Whistleblower Policy - Two U.S. senators accused the Department of Labor of violating the "spirit and goals" of a federal law aimed at protecting employees who report corporate wrongdoing, and called on the agency to stop rejecting claims from workers at subsidiary companies.
Hail to the chief… administrator? - Chief administrative officer is a hot corporate title, especially at banks. Is it one more hurdle on the way to the top slot?
Posted by Radian Compliance Team at 10:32 AM. Filed under: Sarbanes Oxley
CIS also plans to launch services to help companies compare security efforts
By Jeremy Kirk
September 8, 2008 (IDG News Service) The Center for Internet Security (CIS) is set to release guidelines that enterprises can use to measure the state of their security, and it’s also preparing to launch a service to help companies compare their security performance with that of their peers.
The latest CIS project is designed to resolve the confusion and lack of uniformity in ways to measure whether an organization’s IT security is improving or not, said Bert Miuccio, CIS’s CEO.
"The problem that we’ve come to recognize is that information security professionals really are growing more confused on how to define success," Miuccio said. "They know that compliance with regulatory requirements and audit frameworks does not necessarily result in improved security and is not the best measure of success."
CIS is a nonprofit group funded by a variety of organizations with an interest in security. Since it was formed in 2000, it has created 40 benchmarks for default security configurations for all kinds of software, including operating systems, middleware and network devices. The benchmarks, which are a free download on the CIS Web site, are intended to help organizations reduce IT security risks.
Every security professional has different definitions of how to evaluate organizational security, Miuccio said. To try to find common ground, CIS assembled 85 information security experts who will work together to identify uniform ways to measure eight different metrics. The metrics should be released in late October or early November, Miuccio said.
Two are "outcome" metrics: the mean time between security incidents and the mean time to recover from security incidents. The remaining six metrics are related to process: the percentage of systems configured according to approved standards; the percentage of systems patched according to policy; the percentage of systems with antivirus technology; the percentage of business applications that have had a risk assessment; the percentage of business applications that have had a penetration or vulnerability assessment; and the percentage of application code that has had a security assessment or code review before deployment.
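The two outcome metrics and three of the process metrics are simple enough to compute from an incident log and a system inventory, but the edge cases matter: a single incident has no "time between" incidents, an incident that is still open has no recovery time yet, and an empty inventory must not silently report 100 percent. The following Python is an added example and not CIS code; the incident and system records are constructed sample data, and the 30-day patch window stands in for whatever the organization’s patch policy actually says.

```python
"""Compute CIS-style outcome and process metrics from constructed sample data.
Added example, not code from CIS or from the article above."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Iterable, List, Optional


@dataclass
class Incident:
    detected: datetime
    recovered: Optional[datetime]  # None while the incident is still open


@dataclass
class System:
    name: str
    configured_to_standard: bool
    last_patched: Optional[datetime]  # None if the system has never been patched
    antivirus: bool


def mean_time_between_incidents(incidents: Iterable[Incident]) -> Optional[timedelta]:
    """Outcome metric: average gap between consecutive detection times.
    Undefined (None) with fewer than two incidents. Input order does not matter."""
    starts = sorted(i.detected for i in incidents)
    if len(starts) < 2:
        return None
    gaps = [later - earlier for earlier, later in zip(starts, starts[1:])]
    return sum(gaps, timedelta()) / len(gaps)


def mean_time_to_recover(incidents: Iterable[Incident]) -> Optional[timedelta]:
    """Outcome metric: average detected-to-recovered duration.
    Open incidents are excluded; with no closed incidents the metric is undefined."""
    durations = [i.recovered - i.detected for i in incidents if i.recovered is not None]
    if not durations:
        return None
    return sum(durations, timedelta()) / len(durations)


def percentage(systems: List[System], predicate: Callable[[System], bool]) -> Optional[float]:
    """Process metric helper: share of systems (0-100) satisfying predicate.
    An empty inventory yields None rather than a misleading 0 or 100."""
    if not systems:
        return None
    return 100.0 * sum(1 for s in systems if predicate(s)) / len(systems)


def patched_per_policy(system: System, as_of: datetime,
                       max_age: timedelta = timedelta(days=30)) -> bool:
    """Assumed policy: a system is compliant if patched within max_age of as_of."""
    return system.last_patched is not None and as_of - system.last_patched <= max_age


# Constructed sample incident log (detected, recovered); the last one is still open.
INCIDENTS = [
    Incident(datetime(2008, 1, 13, 9, 0), datetime(2008, 1, 14, 9, 0)),  # 24 h to recover
    Incident(datetime(2008, 1, 3, 9, 0), datetime(2008, 1, 3, 15, 0)),   # 6 h to recover
    Incident(datetime(2008, 2, 2, 9, 0), datetime(2008, 2, 2, 12, 0)),   # 3 h to recover
    Incident(datetime(2008, 2, 17, 9, 0), None),                          # open
]

# Constructed sample inventory, evaluated as of the date below.
AS_OF = datetime(2008, 11, 30)
SYSTEMS = [
    System("web1", True, datetime(2008, 11, 10), True),
    System("web2", False, datetime(2008, 9, 1), True),
    System("db1", True, None, False),
    System("jump", True, datetime(2008, 11, 20), True),
]


def report(incidents=INCIDENTS, systems=SYSTEMS, as_of=AS_OF) -> dict:
    """Gather the five metrics this example covers into one dictionary."""
    return {
        "mtbsi": mean_time_between_incidents(incidents),
        "mttr": mean_time_to_recover(incidents),
        "pct_configured": percentage(systems, lambda s: s.configured_to_standard),
        "pct_patched": percentage(systems, lambda s: patched_per_policy(s, as_of)),
        "pct_antivirus": percentage(systems, lambda s: s.antivirus),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

With the sample data the mean time between incidents is 15 days, the mean time to recover is 11 hours (the open incident is ignored), and the configured, patched and antivirus percentages are 75, 50 and 75. The percentages are only as good as the inventory they are computed over, which is why an unknown or empty inventory returns None instead of a number.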
Along with the metrics, CIS plans to launch around the same time a software-based service for companies to compare how they are doing in terms of security compared with other anonymous companies in their vertical market. This type of comparison is already commonly used for financial results and other aspects of business performance such as customer service.
"That’s not done in information security today," Miuccio said. "We believe that this service will begin to enable that."
About our Practice
Our Radian IT Compliance Management Practice focuses on cross-industry projects that include:
- Corporate Assessments
- Compliance Readiness
- Compliance Enablement
- IT Audit Advocacy Work
Within our partnerships, we utilize deeply skilled resources specializing in Corporate Governance, Corporate Security, CPA Services, Business Continuity / Disaster Recovery and Business Practices Assessments.
New Whitepaper
Raising the Bar with BS 25999: Persistent resilience and cohesive continuity for organizations and their vendors

This white paper was first released at the BSI Communication Days in Chicago, held on March 11, where Lisa DuBrock, Managing Partner of The Radian Group, was the guest speaker.

The Radian Group and MK Business Solutions chose to focus their first white paper on vendor compliance, to raise awareness both among organizations that must manage a complex array of vendors and suppliers and among the vendors themselves, who are concerned with the excessive cost and resource drain of managing the compliance requirements sent down from their customers.

Download
Upcoming Events
Just as with the Y2K crisis of seven years ago, IT workers are being called upon to don superhero suits and save the enterprise from impending technology trouble. But this time, IT will be sifting through the complexities of the federal Sarbanes-Oxley Act of 2002.

Public companies with a public float over $75 million already need to comply by 12/15/2007... Will your SMB be ready?