All Cyber-Security articles – Page 7
-
Article
SEC Pushes New Limits on Cyber-Security, Securities Fraud
Another byproduct of life in the cyber-security age: The SEC is redefining insider trading to focus more on improper trading, even if you are a thief mining a company for inside information without actually working there. The misconduct—called, yes, “outsider trading”—seems to be an SEC-enforceable offense so far, and it ...
-
Article
The Keys to Better Access Control Systems
Image: Gone are the days when “access control” meant locking your door or filing cabinet. Now compliance, IT, and audit teams must collaborate on controls to access networks rather than physical stores of information. Inside, we look at three best practices to design strong access control and at how to ...
-
Article
How to Simplify Cyber-Security Controls Amid Abundant Laws
By now every compliance officer has already heard the warning that it’s a matter of when you suffer a cyber-security breach, not if. Then comes compliance with breach disclosure rules—and those demands are becoming as perplexing as the cyber-threat itself. Overwhelmed, compliance officers are seeking ways to navigate these demands ...
-
Blog
Cyber-Security, AML Deficiencies Flagged in OCC Risk Review
As banks try to close the profitability gap created by a lingering low-interest rate environment and offer new services to customers, they face escalating compliance risks. Cyber-security and anti-money laundering controls are among the concerns flagged by the Office of the Comptroller of the Currency in its “Semiannual Risk Perspective.” ...
-
Blog
OCC: Cyber-Security Priorities for 2015
Comptroller of the Currency Thomas Curry last week provided an overview of the top cyber-security priorities that the Office of the Comptroller of the Currency will be focusing on for the remainder of 2015. These priorities include the release of a new cyber-security assessment tool that financial institutions can use ...
-
Article
The Workflows You Need to Use After a Data Breach
Compliance officers have enough scrambling to do after a data breach. Not understanding the steps to take, or not being in proper position to take them, only makes matters worse. Inside, guest columnist John Reed Stark walks through all the steps your company needs to take—including those to take before ...
-
Article
Suddenly, Washington Is Back at Cyber-Security Discussion
Image: For the first time in years, Washington is abuzz with proposed changes to cyber-security disclosure, both in Congress and at the SEC. Above all, experts say, is a need to clarify terminology and expectations. “There should be minimum standards for what that security should be across the board,” says ...
-
Article
Preparing Your Board for Cyber-Security Oversight
Every board knows its company will fall victim to a cyber-attack and, worse, that the board will need to clean up the mess and superintend the fallout. This week, guest columnist John Stark, a long-time student of cyber-security risks, breaks down the fundamentals any board must establish for cyber-security, and ...
-
Blog
Retailers Decry Prospect of Bank-Like Data Security Rules
The National Retail Federation is asking Congress to reject any legislation that would impose data security rules designed for the banking industry upon non-bank businesses. An overly broad expansion of data security standards similar to Gramm-Leach-Bliley Act guidelines would “be a serious error,” it says.
-
Blog
Why Is Cyber-Security a Process? This Is Why.
Image: Everyone stresses the importance of looking at cyber-security as a process. Well—why, exactly? How does viewing cyber-security that way help compliance and audit executives? Because, Compliance Week Editor Matt Kelly writes, cyber-threats are equally about building effective processes—to subvert yours. And until we appreciate the nature of cyber-risks, he ...
-
Article
NY Regulators Pose New Challenges to Compliance Officers
Image: The state of New York is muscling its way into financial regulation, with regulator Benjamin Lawsky proposing moves in anti-money laundering compliance far more bold than anything the feds are doing. Inside is a look at what the Empire State wants to achieve, and the potentially severe liability CCOs ...
-
Blog
Survey: Internal Audit Gaining Ground on Cyber-Risks
Image: Protiviti’s recent survey of more than 800 internal audit professionals reports that half of respondents said a cyber-security evaluation is included in their current audit plan, and 60 percent of those organizations use the National Institute of Standards and Technology cyber-security framework to evaluate risks. Protiviti EVP Brian Christensen ...
-
Article
Insurers Feel Fresh Heat on Cyber-Security Practices
Image: New York plan to bolster cyber-security oversight in the insurance sector, including regular, targeted assessments of cyber-security as part of its exam process. “Recent cyber-security breaches should serve as a stern wake-up call for insurers and other financial institutions to strengthen their cyber-defenses,” said New York Department of Financial ...
-
Blog
Survey: Audit Execs’ Cyber-Fears Run Deep
Image: Nearly 7 in 10 internal audit leaders participating in the IIA’s annual “Pulse of Internal Audit” survey ranked cyber-attacks and other security issues as a major concern, but only about one-third said they have high confidence in their organizations’ ability to address such risks. IIA President Richard Chambers says ...
-
Article
An Insider Look at the EU’s Binding Corporate Rules
Companies that move data throughout Europe, or beyond its borders, face a long and exacting list of privacy and security demands. Some companies are choosing to take advantage of Binding Corporate Rules (BCRs), presenting their data compliance framework for approval by data protection authorities. BCRs, despite a lengthy approval process, ...
-
Article
Where Internal Audit Can Help in Cyber-Security
Image: With yet another huge data breach hitting Corporate America—add insurance giant Anthem to the Hall of Shame—internal audit departments are trying to pinpoint what expertise they can bring to the company’s cyber-security risk assessment. Plenty, many audit executives say. “There are technical aspects of these projects, but regardless of ...
-
Blog
Survey: Cyber-Risk Is Big, but Regulatory Risk Trumps Again
Image: In a recent poll by Protiviti and North Carolina State University of 277 board members and top executives, 67 percent identified regulatory risk as the top concern for the third time since the survey began. Protiviti managing director Jim DeLoach says, “The fact that this is so top of ...
-
Blog
U.S. Announces New Intelligence Division to Battle Cyber Threats
The U.S. is establishing a new division called the Cyber-Threat Intelligence Integration Center that will produce coordinated cyber-threat assessments, share that information with existing cyber-centers, and support policy makers with timely intelligence about the latest cyber-threats. More inside.
-
Article
When State Attorneys General Come Knocking
Sometimes a sheriff arrives from the federal government to take an enforcement action against your company, and sometimes a posse of state attorneys general follow behind, determined to investigate you too. Such is the case for JP Morgan, now being pressed by 19 states for more detail on its massive ...
-
Blog
Three Ideas for Compliance, Audit, and Cyber-Security
Image: Wow! Sometimes you go to a panic party about cyber-security risk and an intelligent discussion breaks out. Such was the case for Compliance Week editor Matt Kelly, who hung out last week at a meeting of the New England Chief Audit Executives Club. Inside are his three lessons for ...