All Cyber-Security articles – Page 6

  • Blog

    Finance Teams Play Growing Role in Cyber-Risk Mitigation

    2015-12-18T11:15:00Z

    According to a survey of 389 financial executives conducted by the American Institute of CPAs, 73 percent said they are being asked to take on a larger role in defending their companies from emerging cyber-risks, while another six percent said cyber-risk mitigation has become the primary responsibility of the finance ...

  • Blog

    CFTC offers up cyber-security rules, margin requirements

    2015-12-16T16:15:00Z

    The Commodity Futures Trading Commission is seeking to amend existing regulations regarding cyber-security testing and safeguards for the automated systems used by the firms it regulates. New rules would specify testing frequency requirements and require covered firms to have certain tests performed by independent contractors. In a separate matter, it ...

  • Blog

    What Makes a Good ‘Pen Tester’

    2015-12-08T09:00:00Z

    Penetration testing is the exercise of testing a company’s cyber-security defenses, and finding the right “pen tester” to do that can be difficult. Learn how to find the right blend of capable, trustworthy, and innovative cyber-security professionals. More inside.

  • Article

    Defense Dept. Steps Up Standards on IT Supply Chain Risk

    2015-11-17T11:45:00Z

    The Defense Department is taking a harder look at supply chain risks posed by government contractors who provide IT products and services, so compliance officers at those businesses should prepare to review how supply chain risks might affect eligibility to bid on future contracts. “This fits into the government’s ...

  • Article

    The Key Cyber-Security Question: What Is ‘Reasonable’?

    2015-11-10T09:45:00Z

    Regulators often say they want “reasonable” precautions when spelling out expectations on cyber-security. But with a plethora of guidance and frameworks to consider, what does that mean—and does “reasonable” depend on industry and company size? A small summit meeting of cyber-security voices debated that question in Boston recently; we have ...

  • Article

    Enforcement Action May Be Omen of SEC’s Cyber-Security Plans

    2015-10-27T15:15:00Z

    An investment adviser firm in St. Louis has become the (painful) test subject for the SEC’s attitude on cyber-security matters. The case, observers say, is a warning that the agency is moving away from guidance and toward enforcement. So what will the SEC consider to be “reasonable” security efforts? Will ...

  • Article

    Insurance Companies Face New Scrutiny and Bank-Like Regulation

    2015-10-20T14:30:00Z

    Insurance firms are in an identity crisis these days: Regulators are treating them like banks. While insurers are trying to resist that, regulators themselves still struggle with how to make sense of the global jumble of rules, requirements, and risk generated by large firms. “There are a lot of ...

  • Blog

    Transforming the Cyber-Security Paradigm

    2015-10-14T10:15:00Z

    Though data breaches are inevitable, companies still remain too focused on fortification rather than response, failing to adapt to the harsh realities of rapidly emerging international and multifarious cyber-security threats. Inside, columnist John Reed Stark recommends a three-step cyber-security transformation for companies to undertake to combat recent rapidly evolving cyber-dangers.

  • Article

    Frustrating Risk With the Right Internal Control Framework

    2015-10-06T11:00:00Z

    As cyber-security and IT controls rise up the priority list in corporate audits, a new wrinkle is emerging: numerous frameworks (COSO, NIST, CoBIT) used by numerous parties, all trying to build effective control systems. That could lead to painful detours in mapping controls, if compliance executives don’t plan carefully. ...

  • Blog

    Companies Meet Their Match in Cyber-Security, IT Survey Shows

    2015-10-06T07:30:00Z

    A recent survey from Protiviti found that only 28 percent of 700 senior IT managers saw a high level of engagement and understanding of cyber-security risks by the board of directors. According to the company, board members are trying to understand complex technical issues, the investments necessary to address ...

  • Blog

    R.T. Jones Pays SEC $75K for Failing to Adopt Cyber-Security Policies

    2015-10-05T11:00:00Z

    Investment advisory firm R.T. Jones last week reached a $75,000 settlement with the Securities and Exchange Commission for failing to adopt written policies and procedures reasonably designed to protect customer records and information in violation of the "Safeguards Rule." Such failures ultimately resulted in a cyber-attack that compromised the personally ...

  • Article

    Supply Chain Risk Continues to Challenge Companies

    2015-09-29T13:30:00Z

    Rare is the business these days that can afford to be cavalier about the regulatory scrutiny on its supply chain. So why do so many still struggle so much to gain visibility and control over vendors and suppliers? A lack of sophistication in monitoring third parties (never mind fourth parties ...

  • Blog

    ACE Introduces Global Cyber Facility

    2015-09-28T11:00:00Z

    ACE Group, a multiline property and casualty insurer, last week announced the launch of ACE’s Global Cyber Facility, which goes beyond standard risk transfer by incorporating a comprehensive risk management solution into a single policy purchase. More inside.

  • Article

    Managing Cyber-Risk in the Aviation Industry

    2015-09-22T13:30:00Z

    Cyber-risks are increasing everywhere, and this week we look specifically at the aerospace sector. Recent high-profile data breaches at major airlines have jolted the industry, which is trying to piece together better ways to manage the risks. “Airplanes themselves have never been more complex, never been more reliant on technology. ...

  • Article

    Calls for More Data Sharing to Step Up Terrorism Fight

    2015-09-22T10:00:00Z

    Washington wants Corporate America to step up its attention to terrorism risk. That was the message at a recent congressional hearing, the latest instance of voices saying business and government should cooperate to uncover terrorists’ sophisticated financing schemes. “Most of the early warning signs reside with the private sector, and ...

  • Blog

    Remember the Cyber-Security Fundamentals

    2015-09-14T15:30:00Z

    Cyber-security risk might seem overwhelming these days; compliance, audit, and risk professionals are all reeling from the speed and diversity of attacks. This week, editor Matt Kelly explores how to get closer to an effective cyber-security process by remembering the basics—such as behind every cyber-attack is someone committing ...

  • Article

    Preventing an FTC Cyber-Security Action

    2015-09-09T14:45:00Z

    A federal appeals court has upheld the Federal Trade Commission’s efforts to sanction companies for poor data security practices—which opens a new front of cyber-security compliance and legal risks for Corporate America. “Basically, if consumers trust you with data, you need to use reasonable business efforts to honor that ...

  • Article

    More Cyber-Security Guidelines for Govt Contractors

    2015-08-25T10:00:00Z

    The Obama Administration is considering new cyber-security guidance that would effectively impose stringent new reporting obligations on government contractors. That means more due diligence on third parties, and a review of contract language to see who is responsible for what. “[E]verybody is going to need to get their cyber-house ...

  • Blog

    IIA Reports Calls Internal Auditors to Better Leverage Technology

    2015-08-19T08:30:00Z

    A recent report from the Institute of Internal Auditors found that nearly 40 percent of audit departments worldwide are getting their arms around technology at what they consider to be appropriate levels. However, the study also found only one in 10 internal auditors entering the profession has education in ...

  • Article

    CCOs Playing a Stronger Role in Data Privacy Practices

    2015-08-11T14:00:00Z

    As data privacy laws proliferate, they are creating a web that traps how corporations use personal data in their operations. The challenge for compliance officers: how to play a more strategic role and ensure your business doesn’t get stuck. “The inclusion of the CCO function in defining controls related ...