Companies with “mature” IT governance, risk, and compliance regimes have happier customers, make more money, and suffer fewer data-related disasters. To some extent, that sounds self-evident: If you’re a good company, you’re probably adept at many things, GRC being among them. But now, the fruits of GRC maturity have been statistically quantified. In the IT […]
Data Privacy
Educating Staff Leads to Improved IT Security
In today’s business environment, information security and protection of information assets are vital to the long-term success of all organizations. Information is the lifeblood of corporations and a vital business asset. IT systems connect every internal department of a company and connect the whole company to myriad suppliers, partners, customers, and others on the outside, […]
FTC Identity Theft Rules Put Cos. on Alert
Financial institutions and other creditors soon will be under the close eye of the Federal Trade Commission and banking regulators, which are stepping up their scrutiny of how those businesses detect and respond to identity theft. According to new “Red Flags” rules that went into effect Jan. 1, any organization that handles consumer financial data […]
Who’s Coming and Going in the GRC World
Compliance Week regularly tracks various personnel moves, board appointments, product releases, customer wins, and industry gossip in the corporate governance realm. Submit announcements to Compliance Week’s Jaclyn Jaeger. From the Regulators: In the United Kingdom, the Financial Services Authority has appointed Colin Lawrence as director of its newly created Prudential Risk Division. His appointment […]
PCI Group Publishes Self-Assessment Tests
Any retailers still unsure whether their data security standards can pass muster now have a new way to see how safe (or not) customer data really is. The Payment Card Industry Council has published a detailed set of “self-assessment questionnaires” for small and medium-sized retailers, who typically aren’t required to have their data security reviewed […]
Why It’s So Shocking Societe Generale Was Shocked
By now we’ve all seen the headline—“French Bank Rocked by Rogue Trader!”—heralding the debacle at Societe Generale as the largest bank fraud in history. Then come the details: A “mid-level” employee, unbeknownst to anyone else at one of the most venerated banks in France, bet $73 billion of the bank’s money, costing it $7.2 billion. […]
Take Five: Keys to Identity Management
The field of identity management is enduring a bit of split personality these days. On one hand, business software giants are gobbling up small companies that provide ID management solutions, to cobble together comprehensive offerings compliance and IT departments can tailor to their specific needs. At the same time, the overall need for ID management […]
Auditing Computer Controls With AS5
Once upon a time, broad reviews of general computer controls were a cornerstone of IT audits. Now, Auditing Standard No. 5 may well close the book on that practice. Testing of operating systems, information security, and “change management” in a company’s IT environment has evolved rapidly since such audits became commonplace 15 years ago. AS5, […]
Surviving Data Breaches in the PCI World
At the request of subscribers, Compliance Week offers a Remediation Center, in which readers can submit questions—anonymously—to securities and accounting experts. Compliance Week’s editors will review all questions and then submit them—confidentially, of course—to specialists who can address the issues. The questions and responses will then be reprinted in a future edition of Compliance Week. […]
PCI Standard Catches Lawmakers’ Eyes
The credit card industry has been trying to force stronger data privacy rules onto the banking and retail sectors for more than a year. Now state legislatures are getting into the act. A California bill forcing merchants to comply with key elements of the Payment Card Industry Data Security Standard is a governor’s signature away […]


