Group items tagged

"One of the easiest ways to begin implementing ethics and compliance within lower levels is to provide new hires with extensive training on company expectations and ethics and compliance"

"Employee theft and fraud is on the increase - and an Australian start-up company believes it has pioneered a means of early detection. According to a recent survey conducted by KPMG, the total funds lifted from organisations came to $345 million - a significant increase from the $301 million of 2008, totalling 174,914 cases. "Employee fraud is a growing concern for organisations in all business sectors both in monetary and reputational terms," says Alon Spitzer, who has founded Integrity Elements, a company specialising in the new field of ' integrity testing and valuation'."

In today's economic climate, many organizations outsource parts of their business to take advantage of cost savings and solution-expertise. However, as vendor relationships increase, it becomes more difficult to manage them. The risks assumed by outsourcing can be significant without a vendor management program. According to the Ponemon Institute Study - 2009 Security Mega Trends, an average of 50.5% of organizations who outsourced sensitive and confidential data to third parties experienced a security incident or data breach as a result of outsourcing. In this 1-hour live webcast, Michael Rasmussen, President at Corporate Integrity, will share his insights on the importance of vendor management, as well as his recommendations of best practices for defining and executing an effective strategy. Chris Noell, EVP of Product management of TruArx, will then provide a brief overview of how GRC tools such as TruComply can automate key vendor management activities and enable these best practices. In this session, you will learn about: *The importance of vendor management and how it applies to your business *Best practices for defining and executing an effective vendor management strategy *How you can quickly and cost-effectively establish a mature vendor management program

What the government IT manager needs when getting ready to embark on their migration to the Cloud is a good template; one that defines a proven roadmap to follow.What Cloud Computing Summit attendees learned (and now you) is that help is on the way. Cloud and SOA expert Dave Linthicum has developed a step-by-step plan to help you scale the heights. He goes through them meticulously in his new book Cloud Computing and SOA Convergence In Your Enterprise: A Step-by-Step Guide. At the Summit, Linthicum outlined the plan. Afterwards he told 1105 Custom Media you can consider Cloud Computing the extension of SOA out to Cloud-delivered resources, such as storage-as-a-service, data-as-a-service, and platform-as-a-service.

i everyone, I am Quentin Christensen and I work on document and records management functionality for SharePoint. Electronic discovery (commonly referred to as eDiscovery) is an area we are supporting with new set of capabilities in SharePoint Server 2010. In case you are not familiar with eDiscovery, it is the process of finding, preserving, analyzing and producing content in electronic formats as required by litigation or investigations. eDiscovery is an important concern for all of our customers and given that SharePoint has grown to be an integral part of collaboration, document, and records management for many organizations, we recognize the need to support the eDiscovery process for SharePoint content. Microsoft Office SharePoint Server 2007 included a hold feature that could be used for eDiscovery, but it was scoped to the Records Center site template. With SharePoint Server 2010 the eDiscovery capabilities have been greatly expanded to provide more functionality and the power to use these features across your entire SharePoint deployment. In this post, I want to highlight three major improvements in SharePoint that support eDiscovery. You can: Manage holds and conduct eDiscovery searches on any site collection Use SharePoint Server Search or FAST Search for SharePoint out of box to search and process content Automatically copy eDiscovery search results to a separate repository for further analysis

only 26 percent. This means another 74 percent of employees at those companies did something bad and didn't get fired.

Spreadsheets are a thorn in the flesh of risk and compliance. I have seen organizations with upwards of 40,000 spreadsheets collected for different risk and compliance issues (e.g., SOX, Basel II, Ethics), as control questionnaires are sent to nearly everyone in the organization. The questionnaires come back and the compliance team scratches their heads and says Now what? How do we manage and report on this data?

CERT'S PODCASTS: SECURITY FOR BUSINESS LEADERS: SHOW NOTES Tackling Tough Challenges: Insights from CERT's Director Rich Pethia Key Message: Rich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Executive Summary CERT's vision is a securely connected world. CERT's mission is to enable informed trust and confidence in the use of information technology. To achieve this vision and mission, CERT has broadened its perspective to include the full system/software engineering and operations life cycle and is reaching out to thought leaders in the global IT and security community. In this podcast, Rich Pethia, director of the CERT Program at Carnegie Mellon University's Software Engineering Institute, discusses the past, current, and future state of Internet security and CERT's role in tackling future challenges as CERT celebrates its 20th anniversary. PART 1: LOOKING BACK, LOOKING FORWARD: THE GOOD, THE BAD, AND THE UGLY CERT's Vantage Point CERT's vision is a securely connected world, supported by CERT's mission of enabling informed trust and confidence in the use of information technology. As the director of CERT, Pethia has unique access to government, commercial, and industry leaders. The Good News Internet use continues to grow, not just in size (number of people, volume of traffic) but also in utility, for example: * the increasing amount of real government and business operations * the introduction of new applications * the growing use of new mobile appliances User awareness of the need to address security is increasing along with increasing attention from service providers (firewalls, virus protection, anti-spyware, data backup). Developers are paying more attention to building security into their products. Vendors have more mature processes for providing cost-effective, timely updates for software vulnerabilities. Users are more willing

"This is one of the most significant threats companies face,"

People to Google: Doug Leland, Microsoft John Brennan, the President's top adviser for counterterrorism and homeland security. Kevin Rowney, Symantec, founder of the firm's Data Loss Prevention Unit

Notifications can be delayed if law enforcement determines it could hinder a criminal investigation

A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.

"SAN FRANCISCO - May 18, 2011 - The City and County of San Francisco today announced that it will upgrade and consolidate its multiple citywide email systems used by more than 23,000 employees as part of its ongoing efforts to improve the quality and efficiency of its services and reduce IT management costs. "A key part of serving a community as diverse and vibrant as ours starts with making the right investments in information technology," San Francisco Mayor Edwin M. Lee said. "It is our responsibility to make decisions that are fiscally responsible, forward-looking, and improve the services that city and county employees provide to our constituents.""