Skip to main content

Home/ WPPS C-Suite News/ Group items tagged GRC

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

Spreadsheets are inadequate for risk and compliance assessment questionaires | OCEG - 0 views

oceg.org/...iance-assessment-questionaires

Security Privacy grc compliance audit assessment

shared by sandy ingram on 07 Oct 10 - No Cached
  • It gets worse . . . auditors and legal can step in and cry 'foul.' It is difficult to provide non-repudiation within spreadsheets in a scalable context. Basically, one can not go back and truly state that "this person answered this compliance (a legal process) on this date and time, and we know this is the original answer and it has not been modified." Spreadsheets do not have this level of authentication, access control and audit trail. GRC processes require a robust audit trail so that you know who answered a question and if that answer was modified - spreadsheets do not provide the functionality to cover this.
  • To replace spreadsheets I would look towards governance, risk, and compliance (GRC) management platforms. Vendors in this space include Archer Technologies, Axentis, BWise, MEGA, MetricStream, OpenPages, Paisley, and QUMAS. These vendors, and many more, have integrated content and workflow technologies to manage GRC assessment processes. They are a much better choice over the use of spreadsheets for GRC processes.
  • sandy ingram on 07 Oct 10
     
    Spreadsheets are a thorn in the flesh of risk and compliance. I have seen organizations with upwards of 40,000 spreadsheets collected for different risk and compliance issues (e.g., SOX, Basel II, Ethics), as control questionnaires are sent to nearly everyone in the organization. The questionnaires come back and the compliance team scratches their heads and says Now what? How do we manage and report on this data?
sandy ingram

Extending Your Enterprise Risk Management Program #grc #smb - 0 views

www.brighttalk.com/21953

Best Practice security privacy grc Compliance risk goverance

shared by sandy ingram on 27 Jul 10 - Cached
  • sandy ingram on 27 Jul 10
     
    In today's economic climate, many organizations outsource parts of their business to take advantage of cost savings and solution-expertise. However, as vendor relationships increase, it becomes more difficult to manage them. The risks assumed by outsourcing can be significant without a vendor management program. According to the Ponemon Institute Study - 2009 Security Mega Trends, an average of 50.5% of organizations who outsourced sensitive and confidential data to third parties experienced a security incident or data breach as a result of outsourcing. In this 1-hour live webcast, Michael Rasmussen, President at Corporate Integrity, will share his insights on the importance of vendor management, as well as his recommendations of best practices for defining and executing an effective strategy. Chris Noell, EVP of Product management of TruArx, will then provide a brief overview of how GRC tools such as TruComply can automate key vendor management activities and enable these best practices. In this session, you will learn about: *The importance of vendor management and how it applies to your business *Best practices for defining and executing an effective vendor management strategy *How you can quickly and cost-effectively establish a mature vendor management program
sandy ingram

Managing Cloud Risks - Forbes - 0 views

www.forbes.com/...managing-cloud-risks

security privacy compliance Best Practice cybersecurity cloud GRC

shared by sandy ingram on 27 Oct 11 - No Cached
  • SLAs and the “Right to Audit” Clause When you move your data to the cloud, you must consider the risk to your brand should a breach occur. You need to ensure that any Service Level Agreements (SLAs) you have in place protect it. SLAs should address any and all risks to your data while it lives in the cloud. 
  • sandy ingram on 27 Oct 11
     
    Vendor Risk Management and Cloud Security Standards Another important consideration when mapping out your cloud GRC strategy is to ensure your vendor risk management program accounts for the new risks that come with moving to the cloud.
sandy ingram

5 Steps to Secure a Mobile Workforce #infosec #grc - 0 views

www.businessweek.com/...secure_a_mobile_workforce.html

mobile security Best Practice Privacy compliance cybersecurity

shared by sandy ingram on 30 Nov 10 - No Cached
  • Here are five steps your company can implement quickly and cost-effectively.
  • 1. Deploy comprehensive endpoint security to check endpoint devices for spyware and malware.
  • 2. Ensure that user devices adhere to defined corporate security policies before, during, and after network connection.
  • ...3 more annotations...
  • 3. Encrypt sensitive data and log file access to ensure that data is not compromised if a mobile device is lost or stolen.
  • 4. Automatically filter and delete SMS spam by setting up pre-defined, configurable settings on mobile devices.
  • 5. Restrict network access by noncompliant or potentially infected devices.
  • sandy ingram on 30 Nov 10
     
    "Some 2.8 million Americans now work permanently from home offices and a full 38 million (37 percent of the total U.S. workforce) telecommute at least once a month. For the most part, the mainstreaming of telecommuting and the arrival of the virtual or mobile office has been a positive development, both in terms of employee productivity and cost reduction. However, one of the challenges of the proliferating mobile workforce is for companies to ensure that their most-sensitive customer and corporate information is truly secure."
sandy ingram

Carnegie Mellon - MySecureCyberspace: Setting Up a Secure Network in the Office #smb #grc - 0 views

www.mysecurecyberspace.com/...ure-network-in-the-office.html

Privacy security Best Practice

shared by sandy ingram on 28 Dec 10 - No Cached
  • Staying Wired When possible and convenient, use a wired network. Wired networks, whose signals are contained within wires, are much safer than wireless networks, whose signals are broadcast into the air. One can be safe from a number of malicious attacks by connecting a computer to the router (a device that connects networks, in this case, your local network to the Internet) via an ethernet cable, instead of connecting via wireless. Appropriate network settings, of course, must be entered into the computers.
  • Taking the Office Wireless
  • Securing Each Network Node
  • ...2 more annotations...
  • If a wireless network is desired, use the following recommendations.
  • Next, security must be implemented on the computers that will connect to the network, known as the "network nodes."
  • sandy ingram on 28 Dec 10
     
    "A secure office network is the first step towards secure computing. Following are a few suggestions to secure networking at work."
1 - 5 of 5
Showing 20 items per page