All Internal Controls articles – Page 12
-
Premium
Chapter 4: Recovery and lessons learned post-ransomware attack
Whether fictional private utility company Vulnerable Electric pays the ransom or not in the aftermath of its cyber incident, the two pathways quickly splinter off in different directions with varied endings, each with important lessons to be learned.
-
Premium
Ransomware case study glossary
The field of cybersecurity features a growing list of terminology to describe the many forms, channels, and motivations behind cyberattacks and hacking culture. Learn further definitions for some key terms featured throughout the ransomware case study.
-
Premium
Chapter 3: Ransomware eradication prompts tough choice: To pay or not to pay?
No matter what, the deck is stacked against fictional private utility company Vulnerable Electric as it weighs whether to pay the $5 million ransom demanded by a cybercriminal who breached its systems. Which path do you take?
-
Premium
Chapter 2, Part 2: Ransomware damage control and when to alert stakeholders
Systems at fictional private utility company Vulnerable Electric remain impacted in the aftermath of a ransomware attack, but the chief executive decides it’s time to be forthright with employees and customers.
-
Premium
Chapter 2, Part 1: Containment key to ransomware defense
With Day 2 of fictional private utility company Vulnerable Electric’s ransomware crisis comes the need to grasp the extent of its situation. The cyber incident response team’s synchronized efforts are pivotal as time is of the essence.
-
Resource
White paper: The Dangerous Intersection Between OFAC and Ransomware
Read CSI’s The Dangerous Intersection Between OFAC and Ransomware white paper to understand how OFAC violations and ransomware present an amalgamated threat to all U.S. businesses, and how to address this threat in order to limit its potential for grave financial harm.
-
Article
CW case study offers 360-degree view of ransomware attack
Learn through the eyes of the C-suite at Vulnerable Electric, a fictional private utility company impacted by a significant ransomware attack, as part of Compliance Week’s third case study.
-
Premium
Chapter 1, Part 1: Betsy’s human error triggers ransomware crisis
When one of fictional private utility company Vulnerable Electric’s most dedicated employees falls victim to a social engineering hack, her actions in the immediate aftermath are crucial to what will soon become a crisis for the C-suite.
-
Premium
Chapter 1, Part 2: All hands on deck in C-suite ransomware response
Following the events that triggered a double extortion ransomware attack, the CEO of fictional private utility company Vulnerable Electric mobilizes her cyber incident response team to begin assessing the path forward in dealing with the cybercriminal(s).
-
Article
ESG reporting: A summary of preparers’ perspectives
Preparers speaking at a pair of recent high-profile accounting and auditing conferences discuss current practices and the challenges their controllership teams face in ESG reporting and governance.
-
Article
Gensler says SEC to consider new rules for cybersecurity, data privacy disclosures
The Securities and Exchange Commission is kicking the tires on new cybersecurity and data privacy disclosure requirements for investment companies, investment advisers, broker-dealers, and public companies, according to agency Chair Gary Gensler.
-
Article
Credit Suisse unit fined $9M for conflict of interest, recordkeeping lapses
Credit Suisse Securities agreed to pay a $9 million fine levied by FINRA for failing to comply with securities laws and rules involving potential conflicts of interest and the safeguarding of customer securities.
-
Article
Without OSHA vaccine policy, companies at risk of undercutting corporate culture
The Supreme Court’s decision to block President Joe Biden’s Covid-19 vaccine-or-test policy for large businesses leaves a patchwork quilt of state, local, and city requirements that companies will have to follow as best they can, according to experts.
-
Article
Sojitz Hong Kong subsidiary fined $5.2M for violating Iran sanctions
Sojitz HK agreed to pay approximately $5.2 million for violations of U.S. sanctions against Iran that occurred when rogue employees deliberately misled company executives and compliance regarding the true origin of goods worth more than $75 million.
-
Article
Carnival to pay $1M for environmental probation violation
Cruise line operator Carnival Corp. has pleaded guilty and agreed to pay a $1 million penalty for violating a condition of its probation relating to its environmental compliance plan.
-
Article
Deutsche Bank fined $9.8M for Euribor control weaknesses
Germany’s market regulator BaFin imposed an administrative fine of 8.66 million euros (U.S. $9.8 million) on Deutsche Bank for breaches of the European Union’s Benchmarks Regulation.
-
Article
S&T AG orders Deloitte audit of short seller allegations
Austrian technology company S&T AG has ordered a forensic audit of its corporate structure and several recent acquisitions in response to allegations made by short seller Viceroy Research.
-
Article
Global Infrastructure Management fined $4.5M for compliance failures
Registered investment adviser Global Infrastructure Management has agreed to pay a $4.5 million civil penalty as part of a settlement reached with the SEC for fee offset and disclosure failures caused by deficiencies in its compliance program.
-
Article
Nikola to pay $125M to settle SEC fraud charges
Electric semitruck startup Nikola agreed to pay $125 million to settle charges brought by the SEC for defrauding investors by misleading them about its products, technical advancements, and commercial prospects.
-
Article
Standard Chartered fined record $61.5M for liquidity reporting failures
The U.K. Prudential Regulation Authority imposed a record fine of £46.55 million (U.S. $61.5 million) against Standard Chartered Bank for repeatedly misreporting a key metric to determine liquidity risk.