Posts Tagged ‘cybersecurity’
A Security Threat That Evades Internal Control
Well this is sobering stuff for internal auditors and SOX compliance professionals: a cybersecurity firm is raising alarms about flaws in the Oracle business software that countless companies use to manage their finances, which lets hackers steal or alter financial data — all undetectable by standard internal controls or GRC technology. Be warned, this is…
Read MoreFresh SEC Tips on Cybersecurity
The Securities and Exchange Commission released fresh advice on Monday about cybersecurity risk, on everything from oversight of cybersecurity risk to nitty-gritty practices around access controls, vendor management, operational resiliency, and more. Compliance, security, and risk professionals will want to give this a read. The advice comes in the form of a 13-page bulletin published…
Read MoreFTC Warns on Data Security Orders
The Federal Trade Commission posted a reminder Monday of its “new and improved” data security orders, which compliance and risk professionals might want to read for its lessons about cybersecurity oversight and compliance generally. The statement, published on the FTC Business Blog, reviews several changes the FTC made last year to its data security orders.…
Read MoreOperational Resiliency, Part II
Well this is convenient: one week after we had a post exploring the intersection of operational resiliency and compliance, two examples of the issue ripped from the headlines show just how much this obscure idea has real impact on compliance professionals’ lives. First, one of the Federal Reserve’s top regulators said last week that the…
Read MoreSecurities Enforcement Forum 2019
Several hundred securities enforcement professionals gathered in Washington on Wednesday for the 2019 Securities Enforcement Forum. Radical Compliance couldn’t be there in person, so we gathered a bundle of dispatches from social media to give a flavor of what was discussed. After all, when under SEC investigation, you want the experience to be as enjoyable…
Read MoreWhen Sanctions and Cybersecurity Collide
Compliance professionals talk constantly these days about cybersecurity, third-party risk, and sanctions compliance. Now we have an example from the news that is one headache-inducing brew of all three — and also, I fear, a harbinger of compliance and risk challenges to come. The company in question is Hikvision, a Chinese maker of security cameras.…
Read MoreAudit Firms, Cybersecurity Risk, and You
A member of the Public Company Accounting Oversight Board gave a speech last week about the role of audit firms in cybersecurity — and raised a point people seldom say aloud: the audit firm’s role is a relatively small one. Kathleen Hamm, a member of the PCAOB since last year, gave her remarks at a…
Read MoreOh, Joy: A New Cyber Risk
An interesting article from the New York Times recently, noting that some insurance firms are declining to cover damages from cybersecurity breaches — under the logic that those breaches were acts of war by foreign governments, rather than criminal acts by individuals; and therefore not covered by a corporation’s cyber insurance policies. The article cites…
Read MoreCyber Breach Disclosures: A Mess
Craving more information about how companies are disclosing cybersecurity breaches? Audit Analytics has a new report examining what publicly traded firms have been reporting in SEC filings — and you won’t get much guidance there, because those disclosures vary so widely. For that reason alone, the Audit Analytics report is worth reading. It shows that,…
Read MoreDOJ Plugs Cooperation, Compliance
All eyes in the compliance community might be the annual FCPA Conference happening in Washington right now, but compliance professionals might also want to note a different speech given across town Wednesday by John Cronan, deputy assistant attorney general. Cronan popped up at a Practising Law Institute event to talk about companies cooperating with law…
Read More