Archive for the ‘IT Risk and Compliance’ Category
By Gordon Burnes November 6th, 2009 in: Enterprise Risk Management (ERM), IT Risk and Compliance
Our recent survey on IT risk management published some interesting findings on risk management in the IT function. One of the surprising findings was how many different titles can be responsible for IT risk management. Solvency II and several pieces of draft legislation in the US require that the CRO be responsible for overall risk [...]
By John Kelly November 3rd, 2009 in: Customer Spotlight, Governance, Risk and Compliance (GRC), IT Risk and Compliance
OpenPages recently conducted a survey of IT risk and compliance executives from a variety of industries including financial services, energy, government and health care. The survey revealed that most organizations are managing the basics of IT risk practices effectively (in particular, IT security and IT regulatory compliance), yet still have considerable work to do in [...]
By John Kelly September 22nd, 2009 in: Customer Spotlight, IT Risk and Compliance
We’re pleased to announce that OpenPages and Network Frontiers have partnered to deliver the Unified Compliance Framework (UCF) to the OpenPages customer base. The addition of the UCF content into the OpenPages IT governance solution, OpenPages ITG, supports OpenPages’ goal of providing its customers with a holistic approach to managing IT risk and compliance.
The [...]
By John Kelly September 1st, 2009 in: Customer Spotlight, IT Risk and Compliance, Information Security
How effective is your organization at identifying and managing IT risks? Does your organization think of IT risk only in terms of avoidance or compliance, or does it use risk management to improve the effectiveness and value of IT?
If you’ll complete this short, 5-minute survey on IT risk management, we’ll send you a [...]
By Gordon Burnes April 15th, 2008 in: IT Risk and Compliance, Information Security
SearchSecurity has coverage from RSA about a new version of the PCI Data Security Standard, due out sometime in Q3 of this year. It appears they’re taking a pragmatic approach, and indications are that it will be an evolution based on user feedback rather than a drastic, revolutionary change. PCI has been a sensitive topic, [...]
By Gordon Burnes February 27th, 2008 in: IT Risk and Compliance, Information Security, Myths, Operational Risk
Attrition.org maintains a list of public, high profile data breaches. The list is staggeringly long, and goes back to the year 2000. TJX, while a high profile data breach and perhaps one of the biggest stories of 2007, is only one of the many that were publicly reported. And, companies have a vested interest in [...]
By Gordon Burnes January 31st, 2008 in: IT Risk and Compliance
We’ve blogged frequently on the topic of IT risk management, most recently here. With recent events highlighting the need for better risk management, now, more than ever, people are thinking about how to improve their processes and technology for supporting their risk management programs. Ben Worthen over at the WSJ BizTech blog has written recently [...]
By Gordon Burnes January 25th, 2008 in: IT Risk and Compliance, Information Security, Myths
In November, I blogged about the difference between IT Risk Management and Information Security. For the full post, read here.
There’s a big difference between tactical execution and strategic oversight. Therein comes the challenge with most information security programs; they place far too much emphasis on the how and what, and far too little on the [...]