Is Cyber Driving the CCO-Board Relationship?

cybersecurity

We begin this week with yet another compliance benchmarking report, this time from Navex: a deep look at how compliance officers engage with senior management, and whether cybersecurity concerns, rather than anti-corruption, might be driving the board’s attention to compliance these days.  Navex published the report late last week. It polled more than 1,300 compliance…


A Closer Look at SOC Audits

audit

Anyone involved in cybersecurity or privacy compliance knows that one handy tool to assess your vendor risks is a SOC audit. Now, at long last, we have a report that explores an important question: Just what do all those SOC audit reports actually examine, anyway? The report comes from CBiz MHM, a mid-sized accounting and…


NY DFS Strikes Again on Cyber Fails

cybersecurity

New York state regulators are at it again, serving up yet another enforcement action over poor cybersecurity practices that can serve as a quick case-study for the rest of us trying to figure out a sustainable way forward on cyber compliance issues.  The company in question this time is OneMain Financial Group, a publicly traded…


More Help on Key Cyber Controls

key controls

Some interesting news for internal audit and cybersecurity professionals: new research has identified five key controls deemed to have the greatest effect in reducing the chance of (and damage from) a cybersecurity attack. The research comes from insurance giant Marsh McLennan, which operates a Cyber Risk Analytics Center that helps Marsh understand how to price…


Another Cyber Disclosure Sanction

cybersecurity

Words matter in SEC filings. The Securities and Exchange Commission gave us another example of that point recently when it fined a technology company $3 million for misleading disclosures about a ransomware attack the company had suffered — and the confusion arose from how the company used the word “could.”  The company in question is…


More on Managing ‘ChatGPT Risk’

ChatGPT

Internal auditors, compliance officers, and risk managers looking for more perspective on how artificial intelligence might affect your lives, look no further. A cybersecurity research institute has published a fascinating paper on the potential risks from ChatGPT, with lots of unsettling implications for risk assurance professionals. The paper, titled “I, Chatbot,” comes from Recorded Future,…


Help on Supply Chain Cyber Risks

supply chain

I hadn’t noticed this until now, but we have fresh help for audit and risk managers worried about cybersecurity risks in the supply chain: CISA, the top cybersecurity regulator in the United States, has published a short guide on how small and medium-sized businesses can navigate that challenge. CISA released the guide last week —…


FINRA Talks Cyber Risks

cybersecurity

FINRA, the regulator for broker-dealer firms that every other compliance professional should follow anyway, has given us yet another piece of nifty guidance: its annual report on regulatory examinations, brimming with advice about risks related to cybersecurity, anti-money laundering, and other issues.  Like most other financial regulators, FINRA examines the compliance programs of businesses under…


SEC Reminders on Identity Theft

cybersecurity

The Securities and Exchange Commission has published a review of financial firms’ identity theft programs, in case anyone is looking for helpful hints and tips on how to strengthen your own program. Most of the SEC’s advice, however, boils down to a company sincerely thinking about its risks here. The advice came in the form…


Getting a Better Grip on IT Controls

control environment

Today I want to circle back to last week’s collapse of cryptocurrency exchange FTX. One allegation is that FTX’s now-former CEO, Sam Bankman-Fried, engineered a “back door” into the company’s financial systems so that he could execute transactions without review. My question: would an audit of internal controls over financial reporting catch something like that? …
