Information Management Today

Only big fines will change how the auditors audit

The Guardian Data Protection

JULY 9, 2019

Splitting a firm’s audit and consulting functions has merit but only large penalties will affect proper change •Watchdog finds work of Patisserie Valerie auditor unacceptable This time last year the Financial Reporting Council tried to read the riot act to the auditing industry.

Marketing

Marketing GDPR

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

The Last Watchdog

APRIL 1, 2024

It also covers the extension of security and privacy requirements to third-party partners and the ability to respond quickly and effectively to external questions from stakeholders such as customers, auditors, and regulators. LW: Cultural change is acutely difficult. You need to be partners in driving this.

Cybersecurity

Cybersecurity Privacy B2B Risk

The value of Key Rotation and Re-encryption.

Thales Cloud Protection & Licensing

AUGUST 17, 2022

To meet various compliance requirements and reduce the risk of your most sensitive data getting compromised you may want to consider changing the encryption key used to protect this data. Thales refers to this changing of encryption keys as “Key rotation” or “Rekey”. See link at the end of this blog for more details. Data Risk Factors.

Encryption

Encryption Risk Compliance Cloud

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

BT auditor highlights IT vulnerabilities in financial reporting

IT Governance

JUNE 9, 2020

BT’s external auditor, KPMG, has issued an “adverse opinion” of the telecom giant’s internal financial reporting controls in another blow to its accounting credibility. The announcement comes three years after auditors discovered accounting irregularities in BT Italia, which wiped £530 million off the organisation’s market value.

IT

IT Government Compliance Marketing

RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps

The Last Watchdog

JUNE 6, 2022

This is the heavy lifting that’s easier said than done, especially in a massively-distributed, fast-changing operating environment. Then there’s the issue of having to change the behaviors of the asset owners, many of whom are stuck in a siloed mindset. The pressure bears down on security teams from two directions, Zheng says.

Security

Security Cloud Analytics Digital transformation

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

As a result of the initial 60-day comment period, the updated Amendment incorporates a number of changes, including the following: Definitions NYDFS clarified the thresholds for calculating when covered entities qualify as “Class A Companies,” which would be subject to heightened requirements.

Cybersecurity

Cybersecurity IT Compliance Financial Services

6 Ways Document Management Software Can Make Your Next Audit a Breeze

AIIM

OCTOBER 30, 2018

That means the auditor is going to need to see a lot of paperwork. Regulations and guidelines change often, but with a document management system in place, it is no longer a hassle to get all your documentation updated quickly. No matter what industry you are in, audits are stressful. Makes It Effortless to Update Policies.

Archiving

Archiving Access Education Compliance

What is a Cyber Security Audit and Why is it Important?

IT Governance

MAY 17, 2022

By probing organisations’ systems and services, an auditor can identify security weaknesses, and determine whether their practices comply with relevant laws, such as the GDPR (General Data Protection Regulation). As part of their review, the auditor will assess the organisation’s compliance posture. Conducting a cyber security audit.

IT

IT Security Data breaches GDPR

ISO 27701: UKAS requirements for ISMS certification bodies

IT Governance

AUGUST 20, 2020

Thus includes a gap analysis of the operational differences between offering ISMS certification and offering the PIMS extension, the impact of changes to the certification activity, implementation plans, etc.) Be able to demonstrate that its auditors have the required knowledge and experience as outlined in 7.11 So, what’s next?

Privacy

Privacy GDPR Information Security Personal data

How to carry out an ISO 27001 internal audit

IT Governance

JULY 31, 2018

The process often catches organisations off guard, because they don’t realise how quickly things can change after they’ve implemented an ISMS (information security management system). Audit plan : Auditors and management should create a detailed checklist of what needs to be done. Become an ISO 27001 internal auditor.

Compliance

Compliance Information Security Risk Security

How to conduct an ISO 27001 internal audit

IT Governance

AUGUST 6, 2019

Auditors should also identify and contact the main stakeholders in the ISMS to request any documentation that will be reviewed during the audit. Auditors and management should agree on the timing and resourcing for the audit, before creating a detailed audit plan. This is where the audit begins to take shape. Field review.

Paper

Paper Compliance Information Security Risk

Written IT Security Policies: Why You Need Them & How to Create Them

eSecurity Planet

MARCH 18, 2022

Policies can cover multiple technologies, but should be labeled clearly for internal and compliance auditor reference. Some unfortunate IT teams confirm that they have policies, but become frustrated when a compliance auditor declares their screenshots of implemented policies as inadequate. Security Policy Tips. Compliance.

IT

IT Compliance Security Access

Understanding PCI compliance auditing

IT Governance

JANUARY 8, 2018

When reviewing what merchants are doing to protect their customers’ payment card data, auditors typically find the following problems: Unnecessary storage of payment card data and a lack of network segmentation to isolate the data from less secure parts of the network. What a PCI DSS auditor wants. Talk to your auditor during the year.

Compliance

Compliance Risk Encryption Access

How to conduct an ISO 27001 internal audit

IT Governance

JULY 18, 2018

Auditors should also identify and contact the main stakeholders in the ISMS to request any documentation that will be reviewed during the audit. Auditors and management should agree on the timing and resourcing for the audit, and create a detailed audit plan. A statement from the auditor detailing recommendations or scope limitations.

Paper

Paper Compliance Information Security Risk

NYC DCWP Adopts Rules to Implement Law Governing Automated Employment Decision Tools and Sets July Enforcement Date

Hunton Privacy

APRIL 26, 2023

The rules establish specifications for the bias audit to comply with requirements to report on impacts on race, ethnicity and sex to the Equal Employment Opportunity Commission.

Artificial Intelligence

Artificial Intelligence Government Analytics IT

BigDebIT flaws in Oracle EBS allow hackers to alter financial records

Security Affairs

JUNE 16, 2020

Once a financial reporting period is closed, financial data should not change. ” “The level of effort required by internal resources, external resources (specialists and/or external auditors, etc.) ” “The level of effort required by internal resources, external resources (specialists and/or external auditors, etc.)

Compliance

Compliance Security IT Information Security

Threat actors hacked a server of a Queensland water supplier and remained undetected for 9 months

Security Affairs

NOVEMBER 11, 2021

The auditors found the lack of internal controls in three of the six water authorities audited. Cyber attacks continue to be a significant risk, with ongoing changes in entities’ working environments due to COVID-19.” “We continue to identify several control deficiencies relating to information systems.

Passwords

Passwords Security awareness Authentication Government

Guest Post - Digital Transformation: Adapt Your Business Environment

AIIM

MARCH 5, 2018

The mature definition of digital transformation is less about digitizing data or business processes and more about adopting a strategy and corresponding technology framework to build a system that can adapt to an ever-changing business environment. Verification would culminate in an exception report that could be reviewed by the auditor.

Digital transformation

Digital transformation Artificial Intelligence Marketing Paper

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

We have a change in the environment where there is no longer a hard perimeter,” Kiser told me. “So In other words,” said Kiser, “you couldn’t just say ‘yes, we are giving the right people the right access at the right time,’ you’ve got to document it all along and prove that to auditors.”. Public trust must be maintained.

Digital transformation

Digital transformation Insurance Compliance Healthcare

Most sought-after certifications for 2018

IT Governance

MARCH 1, 2018

This shortfall appears to be exacerbated by changes in government policies and other regulatory pressures and the rise in data breaches. 3 ) ISO27001 Certified ISMS Lead Auditor (CIS LA) : This course covers the key steps involved in planning and executing an external audit of an ISO/IEC 27001:2013-compliant ISMS.

GDPR

GDPR Compliance Government Information Security

COVID-19 has created demand for cyber security personnel

IT Governance

OCTOBER 27, 2020

Working in cyber security may seem like a big change – and one that requires in-depth technical knowledge – but you might be surprised at how many transferable skills you already have. With the right qualifications, you could have a career for life and have plenty of opportunities to advance into senior roles.

Security

Security Information Security Government IT

Patch Management Policy: Steps, Benefits and a Free Template

eSecurity Planet

NOVEMBER 18, 2022

However, they might find that their state’s cybersecurity requirements require monthly patching and will therefore need to change their patching frequency to monthly to comply. At this point, rough notes need to be changed into formal paragraphs, tables, and appendices. Also read: Patch Management Best Practices & Steps.

Compliance

Compliance Cybersecurity Risk IT

JIRA for Rocket Aldon

Rocket Software

MARCH 27, 2020

Its capability to include requirement and change management processes adapted to an organization’s unique needs is also a plus. Did you ever wish that a ticket or task created for a code change could automatically be created from JIRA for use in Rocket Aldon Lifecycle Manager (LM) for the IBM i and/or Lifecycle Manager Enterprise?

e-Delivery

e-Delivery Sales Cloud IT

Why you should keep data observability separate from data cleansing

Collibra

MAY 16, 2022

Or would you be forced to consider a robust people-process and access model to manage those changes, thus minimizing the effectiveness of combining in the first place? If you were being audited by a big four, would presenting standalone software that observes and corrects sit well with auditors who are keen on not auditing their own work?

Risk

Risk Government Financial Services Access

USPS Site Exposed Data on 60 Million Users

Krebs on Security

NOVEMBER 21, 2018

.” A cursory review by KrebsOnSecurity indicates the promiscuous API let any user request account changes for any other user, such as email address, phone number or other key details. Fortunately, the USPS appears to have included a validation step to prevent unauthorized changes — at least with some data fields.

Authentication

Authentication Encryption Access Information Security

Five Signs Your Enterprise Needs a Modern DevOps Solution, and What to Look for in One

Rocket Software

DECEMBER 20, 2021

If your solution doesn’t have this capacity, you run the risk of having to back out changes – assuming your solution has the ability to do this – and spend more resources fixing the problem. Comprehensive DevOps solutions also include special report templates to give auditors exactly what they need. Outdated Features .

Compliance

Compliance Risk Mining Paper

What is Data Lineage? Top 5 Benefits of Data Lineage

erwin

APRIL 29, 2020

Also, when there is a change to the environment, it is valuable to assess the impacts to the enterprise application landscape. In the event of a change in data expectations, data lineage provides a way to determine which downstream applications and processes are affected by the change and helps in planning for application updates.

Metadata

Metadata Compliance Government Marketing

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

These changes reflect several comments made in response to the draft Cybersecurity Rule to further clarify, strengthen and clarify various requirements, as highlighted below. The following are some of the key changes in the proposed amendments: Notification Requirement. Cybersecurity Plan.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Happy Compliance Officer Day!

Thales Cloud Protection & Licensing

SEPTEMBER 25, 2023

One thing that changed this year is that our son asked if he could cycle to school with his friend. This may involve working with auditors and other relevant stakeholders to address any identified issues. My wife and I deliberated, and eventually agreed on condition that he wore a helmet – as he does when he cycles with the family.

Compliance

Compliance GDPR Risk Education

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

Note 2: The percentages in brackets indicate the % change compared to the previous year. The course is the prerequisite to further specialist DORA training courses, including C-DORA Practitioner, C-DORA Compliance Officer and C-DORA Lead Auditor. So to account for seasonality, we’ve only looked at Q2–Q4 for all four years (2019–2022).

Risk

Risk Data breaches Authentication Financial Services

Preparing for a PCI audit

IT Governance

JANUARY 4, 2018

While the PCI SSC has worked to even out the quality of its auditors, there are plenty of inexperienced auditors out there who have made some very expensive decisions on behalf of organisations that have to comply with the Standard. The auditor will review your processes, log files, policies, procedures and network flow diagrams.

Compliance

Compliance Security Risk Data breaches

New CA/B Forum Code Signing Requirements in Effect – Is Your Organization Compliant?

Thales Cloud Protection & Licensing

JUNE 19, 2023

To prevent this from happening, earlier this month, the CA/B forum’s new Code Signing Baseline Requirements (CSBRs) came into effect, bringing with it changes to how organizations must generate and protect code signing certificate private keys. These new requirements officially came into effect on June 1, 2023, with Ballot CSC-17.

Cloud

Cloud Compliance Risk Marketing

Vulnerability Management Policy: Steps, Benefits, and a Free Template

eSecurity Planet

MAY 12, 2023

Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Review and Modify the Vulnerability Management Policy Even though the Vulnerability Management Policy is approved in step three, the organization, IT resources, and regulations will change over time.

Compliance

Compliance Risk Cybersecurity IT

SEC Proposes Cybersecurity Rules for Public Companies

Hunton Privacy

MARCH 11, 2022

of Form 8-K in the company’s quarterly report on Form 10-Q or annual report on Form 10-K for the period in which the material change, addition, or update occurred. Any changes in the company’s policies and procedures as a result of the cybersecurity incident, and how the incident may have informed such changes.

Cybersecurity

Cybersecurity Risk Government Security

Cyber attacks: What to prepare for

IT Governance

MARCH 23, 2018

This allows them to spoof people’s identity, tamper with existing data, void transactions, change balances, become administrators of the database server or disclose or destroy data. You can gain the skills to fill that role by enrolling on our ISO27001 Certified ISMS Lead Auditor Training Course. Conducting an audit follow-up.

Data breaches

Data breaches Phishing Analytics Information Security

Thoroughly Assessing Data Security in a Db2 for z/OS Environment - Part 1

Robert's Db2

FEBRUARY 24, 2022

Mainly because someone with SYSADM authority can look at (and even change) the data in any table. You could say, "It's OK - no one on my Db2 team is a bad actor," but that argument is not likely to sway security auditors these days. What about the password associated with an application's ID?

Passwords

Passwords Encryption Security Authentication

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. The Proposed Regulation Changes. Governance. 500.17).

Cybersecurity

Cybersecurity Risk Passwords Compliance

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

The Last Watchdog

MARCH 31, 2020

Add in the mainstreaming of cloud computing, as well as the emergence of practices like continuous integration , and the result is ever faster cycles of “develop, deploy, get feedback and make changes,” Sethi observes.

Security

Security Privacy Financial Services Risk

FAQ: Are We In Compliance?

The Texas Record

MAY 14, 2020

Including the County Auditor, appraisal district, emergency service districts, school districts, water districts, and more. The law mandates this must be done within 30 days of a personnel change. Nonelective county offices. File a records management policy with TSLAC. This could also be in the form of an order/ordinance/resolution.

Compliance

Compliance Records Management Government Libraries

Why risk assessments are essential for GDPR compliance

IT Governance

APRIL 4, 2018

Documents such as the Statement of Applicability and risk treatment plan can be exported, edited and shared across the business and with auditors. The assessment process is delivered consistently year after year (or whenever circumstances change). Geared for repeatability. Streamlined and accurate.

GDPR

GDPR Compliance Risk Data breaches

GUEST ESSAY: 3 key ingredients to stress-free compliance with data handling regulations

The Last Watchdog

JUNE 14, 2018

Passing a compliance audit boils down to proving to auditors that your organization has implemented three fundamental things: adequate data security, access control and comprehensive reporting of your information sharing activity. While individual regulations prioritize these differently the requirements do not change.

Compliance

Compliance Encryption GDPR Cloud

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

Although critical components of vulnerability management, Patch Management and Change Management will be covered separately in their own Policies. It is best to use a title because people sometimes change and the policy should not need to be revised with every personnel change.]

Risk

Risk Compliance Security IT

Improve your information security with risk assessment software

IT Governance

DECEMBER 8, 2017

Able to generate audit reports : You can export reports, including a Statement of Applicability and risk treatment plan, edit them and share them across the business and with auditors. Geared for repeatability : It’s easy to repeat your risk assessments in a consistent manner year after year (or whenever circumstances change).

Information Security

Information Security Risk Security IT

Protecting Sensitive Data with Luna Key Broker for Microsoft Double Key Encryption

Thales Cloud Protection & Licensing

APRIL 1, 2021

For those who are focused on maintaining compliance and protecting sensitive data across their organization, like the CISO office, security architects and auditors, one of the best practices for data security is to maintain control and own the keys used to encrypt sensitive data in all applications.

Encryption

Encryption Compliance Cloud GDPR

Only big fines will change how the auditors audit

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

Webinars

Trending Sources

The value of Key Rotation and Re-encryption.

Webinars

BT auditor highlights IT vulnerabilities in financial reporting

RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

6 Ways Document Management Software Can Make Your Next Audit a Breeze

What is a Cyber Security Audit and Why is it Important?

ISO 27701: UKAS requirements for ISMS certification bodies

How to carry out an ISO 27001 internal audit

How to conduct an ISO 27001 internal audit

Written IT Security Policies: Why You Need Them & How to Create Them

Understanding PCI compliance auditing

How to conduct an ISO 27001 internal audit

NYC DCWP Adopts Rules to Implement Law Governing Automated Employment Decision Tools and Sets July Enforcement Date

BigDebIT flaws in Oracle EBS allow hackers to alter financial records

Threat actors hacked a server of a Queensland water supplier and remained undetected for 9 months

Guest Post - Digital Transformation: Adapt Your Business Environment

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

Most sought-after certifications for 2018

COVID-19 has created demand for cyber security personnel

Patch Management Policy: Steps, Benefits and a Free Template

JIRA for Rocket Aldon

Why you should keep data observability separate from data cleansing

USPS Site Exposed Data on 60 Million Users

Five Signs Your Enterprise Needs a Modern DevOps Solution, and What to Look for in One

What is Data Lineage? Top 5 Benefits of Data Lineage

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Happy Compliance Officer Day!

Risk Management under the DORA Regulation

Preparing for a PCI audit

New CA/B Forum Code Signing Requirements in Effect – Is Your Organization Compliant?

Vulnerability Management Policy: Steps, Benefits, and a Free Template

SEC Proposes Cybersecurity Rules for Public Companies

Cyber attacks: What to prepare for

Thoroughly Assessing Data Security in a Db2 for z/OS Environment - Part 1

NYDFS proposes significant cybersecurity regulation amendments

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

FAQ: Are We In Compliance?

Why risk assessments are essential for GDPR compliance

GUEST ESSAY: 3 key ingredients to stress-free compliance with data handling regulations

Vulnerability Management Policy Template

Improve your information security with risk assessment software

Protecting Sensitive Data with Luna Key Broker for Microsoft Double Key Encryption

Stay Connected