Skip to content

Posts Tagged ‘cybersecurity’

Operational Resiliency, Part II

operational resiliency

Well this is convenient: one week after we had a post exploring the intersection of operational resiliency and compliance, two examples of the issue ripped from the headlines show just how much this obscure idea has real impact on compliance professionals’ lives. First, one of the Federal Reserve’s top regulators said last week that the…

Read More

Securities Enforcement Forum 2019

enforcement

Several hundred securities enforcement professionals gathered in Washington on Wednesday for the 2019 Securities Enforcement Forum. Radical Compliance couldn’t be there in person, so we gathered a bundle of dispatches from social media to give a flavor of what was discussed. After all, when under SEC investigation, you want the experience to be as enjoyable…

Read More

When Sanctions and Cybersecurity Collide

cybersecurity

Compliance professionals talk constantly these days about cybersecurity, third-party risk, and sanctions compliance. Now we have an example from the news that is one headache-inducing brew of all three — and also, I fear, a harbinger of compliance and risk challenges to come.  The company in question is Hikvision, a Chinese maker of security cameras.…

Read More

Audit Firms, Cybersecurity Risk, and You

cybersecurity

A member of the Public Company Accounting Oversight Board gave a speech last week about the role of audit firms in cybersecurity — and raised a point people seldom say aloud: the audit firm’s role is a relatively small one. Kathleen Hamm, a member of the PCAOB since last year, gave her remarks at a…

Read More

Oh, Joy: A New Cyber Risk

cybersecurity

An interesting article from the New York Times recently, noting that some insurance firms are declining to cover damages from cybersecurity breaches — under the logic that those breaches were acts of war by foreign governments, rather than criminal acts by individuals; and therefore not covered by a corporation’s cyber insurance policies. The article cites…

Read More

Cyber Breach Disclosures: A Mess

cybersecurity

Craving more information about how companies are disclosing cybersecurity breaches? Audit Analytics has a new report examining what publicly traded firms have been reporting in SEC filings — and you won’t get much guidance there, because those disclosures vary so widely. For that reason alone, the Audit Analytics report is worth reading. It shows that,…

Read More

DOJ Plugs Cooperation, Compliance

justice

All eyes in the compliance community might be the annual FCPA Conference happening in Washington right now, but compliance professionals might also want to note a different speech given across town Wednesday by John Cronan, deputy assistant attorney general. Cronan popped up at a Practising Law Institute event to talk about companies cooperating with law…

Read More

Survey: Third-Party Data Risk Still a Mess

third-party

Another year, another report confirming what most compliance and IT security officers already know: third-party vendors are an enormous security and privacy risk, and oversight of those parties is a mess. That’s the message of a report released Thursday by Opus and the Ponemon Institute, which surveyed more than 1,000 IT and data security professionals…

Read More

Thoughts on IoT and Cybersecurity Risk

cybersecurity

This week I attended the AuditWorld 2018 conference in Las Vegas, a gathering of several hundred audit and IT security executives to swap insights about cybersecurity and internal control. I wandered into a session about cybersecurity concerns for “the Internet of Things” — and wouldn’t you know it, a conversation about policy and vendor risk…

Read More

Dispatches From Securities Enforcement Forum

enforcement

Scads of securities lawyers gathered in Washington on Thursday for the annual Securities Enforcement Forum, a one-day confab on all things related to enforcement actions against publicly traded companies — insider trading, FCPA, cybersecurity, whistleblower retaliation, and much more. The event is run by SecuritiesDocket.com, which follows securities enforcement just as obsessively as we follow…

Read More