Channel: Payment Card Security & IT Controls Explained » regulations
Browsing latest articles
Browse All 11 View Live

IT Compliance and Controls – Best Practices for Implementation, by James...

The new book is HERE!!! Here are two quick shots taken while opening up the first shipment of books! Below the pictures I briefly sum up the intent of the book. Of course, the major book sellers...


PCI SSC Clarifies Web Application FW & Code Reviews, Officially

The Payment Card Industry Security Standards Council released a publication today providing paths for organizations to take to satisfy the PCI DSS v1.1 Requirement 6.6. As has been consistent, the...


Crosswalk for SOX: COSO Guidance & ISO 9001:2000

Sarbanes-Oxley is still of importance to U.S. firms, and is becoming more so as globally similar IT Control government initiatives come due (EU-SOX, J-SOX to name only two). To that effect, whenever I...


The western hemisphere ahead of AsiaPacific

“Medicine rarely tastes good. The introduction of Sarbanes Oxley was, for many, accompanied by significant distaste for the idea. In the longer term, it does appear that those institutions exposed to...


NEW Fraud Survey – Identify Impactful Internal controls

In the mail I received an early copy of the “2008 Report to the Nation on Occupational Fraud and Abuse” from the Association of Certified Fraud Examiners.  The 2006 report has represented de facto...


Regulation Effects to the Payment Industry: AMEX is a Bank

So, there are tremendous implications for their business model, but to place the spotlight on one area let's focus on data security and regulations (my favorite). AMEX is one of the organizations that...


British Security Defense Manual Leaked…

The British government had their Defence Manual of Security (2001) leaked to the internet on October 4, 2009. The press and WikiLeaks provide a great breakdown of the information within it, and it is...


GRC Implementation Tips, beyond ComplianceWeek

ComplianceWeek has two examples of implementing ITGRC solutions in two multi-billion dollar organizations.  Each interestingly deployed in two unique fashions and had different takeaways from the...


New European director for PCI Security Standards Council

Despite a slew of data privacy breaches that I have spoken about here, the EU and UK in general have a longer horizon to hit critical mass with secure and compliant payment card environments.  This is...


Social Media guidance from FFIEC and governed agencies .. up for comments!

The FFIEC released today (January 22, 2013) the “Social Media: Consumer Compliance Risk Management Guidance”, which is available here online. The release is seeking comments and is a great opportunity...
