All Risk Management articles – Page 9
-
Article
Ransomware case study glossary
The field of cybersecurity features a growing list of terminology to describe the many forms, channels, and motivations behind cyberattacks and hacking culture. Learn further definitions for some key terms featured throughout the ransomware case study.
-
Article
Chapter 3: Ransomware eradication prompts tough choice: To pay or not to pay?
No matter what, the deck is stacked against fictional private utility company Vulnerable Electric as it weighs whether to pay the $5 million ransom demanded by a cybercriminal who breached its systems. Which path do you take?
-
Article
FinCEN readying rule for banks to prove AML/CFT programs ‘reasonably designed’
The Financial Crimes Enforcement Network will likely require banks and other financial institutions to assess their anti-money laundering and countering the financing of terrorism programs to ensure they are “effective and reasonably designed.”
-
Article
Chapter 2, Part 2: Ransomware damage control and when to alert stakeholders
Systems at fictional private utility company Vulnerable Electric remain impacted in the aftermath of a ransomware attack, but the chief executive decides it’s time to be forthright with employees and customers.
-
Article
Chapter 2, Part 1: Containment key to ransomware defense
With Day 2 of fictional private utility company Vulnerable Electric’s ransomware crisis comes the need to grasp the extent of its situation. The cyber incident response team’s synchronized efforts are pivotal as time is of the essence.
-
Article
CW case study offers 360-degree view of ransomware attack
Learn through the eyes of the C-suite at Vulnerable Electric, a fictional private utility company impacted by a significant ransomware attack, as part of Compliance Week’s third case study.
-
Article
Chapter 1, Part 1: Betsy’s human error triggers ransomware crisis
When one of fictional private utility company Vulnerable Electric’s most dedicated employees falls victim to a social engineering hack, her actions in the immediate aftermath are crucial to what will soon become a crisis for the C-suite.
-
Article
Chapter 1, Part 2: All hands on deck in C-suite ransomware response
Following the events that triggered a double extortion ransomware attack, the CEO of fictional private utility company Vulnerable Electric mobilizes her cyber incident response team to begin assessing the path forward in dealing with the cybercriminal(s).
-
Article
Biden plan to expand cybersecurity collaboration with water sector
The Biden administration announced an action plan to collaborate with owners and operators in the water sector to deploy technologies and systems that provide cyber-related threat visibility, indicators, detections, and warnings.
-
Article
Remedial actions help HeadSpin avoid fine in SEC fraud settlement
Silicon Valley-based tech company HeadSpin’s significant remedial actions in response to its chief executive’s alleged fraudulent behavior helped it settle charges with the Securities and Exchange Commission without being fined.
-
Article
Supreme Court declines case on False Claims Act anti-retaliation provisions
The Supreme Court has declined to settle a conflict between two federal court decisions on whether former employees are covered by whistleblower anti-retaliation protections contained in the False Claims Act.
-
Article
Survey: Working in compliance is stressful, but satisfying
More than half the compliance officers responding to a new survey on working conditions said they feel burned out on the job, yet 60 percent of respondents still reported being satisfied with their work.
-
Article
ESG reporting: A summary of preparers’ perspectives
Preparers speaking at a pair of recent high-profile accounting and auditing conferences discuss current practices and the challenges their controllership teams face in ESG reporting and governance.
-
Article
Tencent fires 70 employees in latest anti-bribery crackdown
Chinese gaming and social media company Tencent said it fired nearly 70 employees last year as part of its ongoing anti-graft campaign and will stop doing business with 13 Chinese firms that have violated its anti-bribery standards.
-
Article
Gensler says SEC to consider new rules for cybersecurity, data privacy disclosures
The Securities and Exchange Commission is kicking the tires on new cybersecurity and data privacy disclosure requirements for investment companies, investment advisers, broker-dealers, and public companies, according to agency Chair Gary Gensler.
-
Article
TI 2021 corruption index shows world not willing to make real change
The adage that “no news is good news” doesn’t apply to Transparency International’s 2021 Corruption Perceptions Index. That corruption levels remain at a global standstill or have worsened highlights a disturbing trend for companies, governments, and citizens alike.
-
Article
REWE International $9M GDPR fine a lesson in managing subsidiary risk
A recent decision by the Austrian Data Protection Authority against food retailer REWE International underlines the fact that parent companies are ultimately responsible for how their subsidiaries manage people’s data, even if the offshoot entity operates separately.
-
Article
Leaders at BlackRock, SSGA set tone for ESG-focused 2022
The chief executives of BlackRock and State Street Global Advisors earlier this month published their annual letters highlighting topics of importance for the coming year, with climate action and social issues clearly remaining top of mind for both.
-
Article
Without OSHA vaccine policy, companies at risk of undercutting corporate culture
The Supreme Court’s decision to block President Joe Biden’s Covid-19 vaccine-or-test policy for large businesses leaves a patchwork quilt of state, local, and city requirements that companies will have to follow as best they can, according to experts.
-
Article
NAVEX: Top 10 risk and compliance trends for 2022
Diversity, equity, and inclusion; prioritizing ESG; business continuity; and more highlight the latest edition of NAVEX’s annual list of risk and compliance trends worth monitoring.