risk management

Overheard - Pandemic planning

“Most of the larger financial institutions have some kind of pandemic/influenza plan or at least a pandemic overlay to their existing business continuity plans, but I don’t know if I would say they’re all prepared to the extent that they need to be prepared.” John Copenhaver as quoted in Swine flu puts spotlight on pandemic planning

Today’s WhatIs.com Word of the Day is pandemic planning.

Overheard - Remote Access Trojan (RAT)

“In an even more sophisticated ploy, the Trojan altered the victim’s online banking page to change the amount of the transfer to a smaller number. In one transaction, the cybercriminals stole more than $8,000, but to the victim, it appeared like a $53 transaction.” Angela Moscaritolo, URLZone touted as most sophisticated banking Trojan yet

Today’s WhatIs.com Word of the Day is RAT.  It’s a type of malware horse.

Overheard - Avoiding common audit pitfalls

“Make no mistake — auditors will find fault with your systems, your processes, and the people who operate them. They’re auditors. It’s their job.” Kelly Jackson Higgins, Experts share tips on how to avoid the most common pitfalls in an audit

If you missed Kelly’s article when it first came out, take moment and read through it.  I bet you’ll learn something.

Key points I want to remember:

• Two of their most common reasons for failing an audit are poor documentation and poor training programs.
• It’s all about proving that data isn’t tampered with — from inside or out.

- Manage change in a consistent manner.
- Clearly define roles and permissions.
- Know who (and where) users are, what role they play and what permissions they have.
- Align physical security with IT security.
- Be ready to demonstrate how you monitor security.
- Be ready to demonstrate how you are able to detect and act on anomalies.
- Map security processes to business processes. A checklist isn’t enough.

Overheard: Cloud computing too big a risk for mission critical apps

The nature of Grid/Cloud computing means a business has to migrate its applications and data to a third party solution. This creates huge barriers to the uptake. Paul Wallis, Is the Cloud There Yet?

Recently we’ve seen the London Stock Exchange fail, undersea data cables cut in the Gulf, espionage in Lithuania and the failure of the most modern and well-known data farm at Amazon.

In such a climate it will require asking the business to take a leap of faith to find solid footing in the cloud for mission critical applications.

And that is never a good way to sell to the business.

Overheard: There’s no killer app for GRC software

Most people assume that so-called GRC software–governance, risk and compliance–will continue to gather steam, as big boys like Oracle and SAP continue their marketing. It makes sense to automate compliance and risk issues, but the reality of this nascent field is that there really isn’t a single point solution. John Hagerty, CFOs face complex GRC software decisions