Risk Management archives - Overheard in the tech blogosphere

Overheard in the tech blogosphere:

risk management

Nov 23 2009   6:12PM GMT

Overheard - Pandemic planning



Posted by: Margaret Rouse
pandemic planning, Disaster Recovery, risk management
“Most of the larger financial institutions have some kind of pandemic/influenza plan or at least a pandemic overlay to their existing business continuity plans, but I don’t know if I would say they’re all prepared to the extent that they need to be prepared.”

John Copenhaver as quoted in Swine flu puts spotlight on pandemic planning

Today’s WhatIs.com Word of the Day is pandemic planning.

Oct 1 2009   1:49PM GMT

Overheard - Remote Access Trojan (RAT)



Posted by: Margaret Rouse
Malware, Trojan horse, RAT, remote access tool, remote access Trojan, Security, risk management
“In an even more sophisticated ploy, the Trojan altered the victim’s online banking page to change the amount of the transfer to a smaller number. In one transaction, the cybercriminals stole more than $8,000, but to the victim, it appeared like a $53 transaction.”

Angela Moscaritolo, URLZone touted as most sophisticated banking Trojan yet

Today’s WhatIs.com Word of the Day is RAT. It’s a type of Trojan horse malware.


Feb 6 2009   12:55PM GMT

Overheard - Avoiding common audit pitfalls



Posted by: Margaret Rouse
Compliance, change management, risk management, IT Governance
“Make no mistake — auditors will find fault with your systems, your processes, and the people who operate them. They’re auditors. It’s their job.”

Kelly Jackson Higgins, Experts share tips on how to avoid the most common pitfalls in an audit

If you missed Kelly’s article when it first came out, take a moment and read through it. I bet you’ll learn something.

Key points I want to remember:

  • Two of their most common reasons for failing an audit are poor documentation and poor training programs.
  • It’s all about proving that data isn’t tampered with — from inside or out.

- Manage change in a consistent manner.
- Clearly define roles and permissions.
- Know who (and where) users are, what role they play and what permissions they have.
- Align physical security with IT security.
- Be ready to demonstrate how you monitor security.
- Be ready to demonstrate how you are able to detect and act on anomalies.
- Map security processes to business processes. A checklist isn’t enough.


Jun 5 2008   12:07PM GMT

Overheard: Cloud computing too big a risk for mission critical apps



Posted by: Margaret Rouse
risk management, Cloud computing
The nature of Grid/Cloud computing means a business has to migrate its applications and data to a third party solution. This creates huge barriers to the uptake.

Paul Wallis, Is the Cloud There Yet?

Recently we’ve seen the London Stock Exchange fail, undersea data cables cut in the Gulf, espionage in Lithuania and the failure of the most modern and well-known data farm at Amazon.

In such a climate it will require asking the business to take a leap of faith to find solid footing in the cloud for mission critical applications.

And that is never a good way to sell to the business.


May 13 2008   12:04AM GMT

Overheard: There’s no killer app for GRC software



Posted by: Margaret Rouse
SAP, Oracle, Compliance, risk management, governance, Technology
Most people assume that so-called GRC software–governance, risk and compliance–will continue to gather steam, as big boys like Oracle and SAP continue their marketing. It makes sense to automate compliance and risk issues, but the reality of this nascent field is that there really isn’t a single point solution.

John Hagerty, CFOs face complex GRC software decisions