Rethinking compliance software

Here's me about to eat crow. After nearly a decade of railing against software as a solution to address the challenges of regulatory/industry compliance, I'm being forced to reconsider my position. I've long advocated that an institution or organization could just as easily develop manual...
IT audit reports: Why you can’t handle the truth

I was reading the local newspaper this morning and was surprised to find a front page story ripped from the headlines of my professional life (ironic, I know). Right there on the front page of today's News and Observer was a story about how a recent audit claimed corruption at a local college...
How security aware is your organization?

Consider this post to be something of a (banking) community service announcement. It's February 2010, do you know when the last time was that your organization conducted a social engineering exercise? I come across instances almost all of the time where financial institutions have obvious...