Most Active Articles 2009-11-24T03:39:59.917-05:00 Business Exchange Business_Exchange@businessweek.com urn:com:businessweek:bx:topic:most-active:sarbanes-oxley-compliance John Maresca jmaresca218 urn:com:businessweek:bx:article:1479564980672510324-b3ec4b097dc0c468abf83fb1addcccbc 2009-11-06T10:13:09.714-05:00

It took just five weeks after the WorldCom accounting scandal erupted in 2002 for Congress to pass, and President George W. Bush to sign, the Sarbanes-Oxley Act. That law required public companies to make sure their internal controls against fraud...

It took just five weeks after the WorldCom accounting scandal erupted in 2002 for Congress to pass, and President George W. Bush to sign, the Sarbanes-Oxley Act. That law required public companies to make sure their internal controls against fraud... http://www.nytimes.com/2009/11/06/business/06norris.html?_r=1&ref=business John Maresca jmaresca218 11 10 0 1 urn:com:businessweek:bx:article:17563071709134101889-e48b4c0e50b4d70fe72a7fef690804e2 2009-11-09T08:41:31.010-05:00

The short answer for persons leaving a company is to be very careful and to have a very clear understanding with the employer about what can and cannot be taken. The increasing involvement of government authorities in enforcing remedies involving trade secrets certainly signals a new level of risk for those who may be considering taking or copying trade secrets.

The short answer for persons leaving a company is to be very careful and to have a very clear understanding with the employer about what can and cannot be taken. The increasing involvement of government authorities in enforcing remedies involving trade secrets certainly signals a new level of risk for those who may be considering taking or copying trade secrets. http://information-security-resources.com/2009/11/08/federal-statutes-aid-trade-secret-prosecution/ Anthony M. Freed afreed536 2 1 0 1 urn:com:businessweek:bx:article:16652466658209850697-0d970796d1f39210ca35d25e2412389d 2009-11-05T18:26:45.722-05:00

I recently read a good article regarding IT Security Audits which I thought many readers would be interested in. Cheating on IT Audits by IT staffs is not unheard of to most of us in the auditing business. However, it is a taboo subject that rarely...

I recently read a good article regarding IT Security Audits which I thought many readers would be interested in. Cheating on IT Audits by IT staffs is not unheard of to most of us in the auditing business. However, it is a taboo subject that rarely... http://auditjournal.wordpress.com/2009/10/29/enterprise-security-cheating-on-your-it-security-audits/ Joel C. Font jfont315 7 6 0 1 urn:com:businessweek:bx:article:12135571462664597835-485c494c1ad1328d8cd3689fc6c793a7 2009-11-02T08:33:11.760-05:00

Forget about vampires, ghouls and zombies. You were much more likely to receive a fright this year from something lurking in your e-mail. There were the usual crop of Trojan horses and phishing expeditions, and as the surprising list points out, some of the scares go all the way up to White House and the FBI.

Forget about vampires, ghouls and zombies. You were much more likely to receive a fright this year from something lurking in your e-mail. There were the usual crop of Trojan horses and phishing expeditions, and as the surprising list points out, some of the scares go all the way up to White House and the FBI. http://information-security-resources.com/2009/11/01/top-ten-email-related-disasters-of-2009/ Anthony M. Freed afreed536 4 3 0 1 urn:com:businessweek:bx:article:13745611189731444234-a668dfd2b546cb9b4bb3627768764650 2009-01-22T15:34:00.000-05:00

...requirements such as Sarbanes, Oxley, and HIPPA.

...requirements such as Sarbanes, Oxley, and HIPPA. http://www.mechodownload.com/forum/linux-programs/135459-red-hat-enterprise-linux-server-5-3-i386-dvd-iso.html 278 278 0 0 urn:com:businessweek:bx:article:3446017656379132102-1bf96540e06fea1c4c4411c1100163c8 2009-11-02T10:50:47.559-05:00

The analysis coming from your business process shows a gap in the data. Trust your gut that there is a bigger problem hiding away.

The analysis coming from your business process shows a gap in the data. Trust your gut that there is a bigger problem hiding away. http://blog.consected.com/2009/11/listen-to-your-gut-when-process.html Phil Ayres payres580 2 1 0 1 urn:com:businessweek:bx:article:10263452810359765899-72bea8d49cac40e1b07fc83b7fe9c661 2009-10-27T09:48:04.420-04:00

The SearchStorage channel on TechTarget (Australia) reports EMC's drop in sales in its Content Management and Archiving (CMA) division, due to what some may call uncharacteristic tardiness on the part of EMC when it comes to technology acquisitions.

The SearchStorage channel on TechTarget (Australia) reports EMC's drop in sales in its Content Management and Archiving (CMA) division, due to what some may call uncharacteristic tardiness on the part of EMC when it comes to technology acquisitions. http://blog.consected.com/2009/10/emc-consumes-sharepoint-saving-it-from.html Phil Ayres payres580 2 1 0 1 urn:com:businessweek:bx:article:7711159032980498662-cb1774dfd0ca974368e19c8df991a3f1 2009-10-19T12:33:48.038-04:00

Given the business impact of regulations like PCI DSS, Sarbanes Oxley, and GLBA, this is understandable. While savvy business leaders understand the limitations of these guidelines, there are among us less enlightened individuals who view these as a cure for organizational security issues.

Given the business impact of regulations like PCI DSS, Sarbanes Oxley, and GLBA, this is understandable. While savvy business leaders understand the limitations of these guidelines, there are among us less enlightened individuals who view these as a cure for organizational security issues. http://information-security-resources.com/2009/10/19/the-truth-about-regulatory-compliance/ Anthony M. Freed afreed536 5 4 0 1 urn:com:businessweek:bx:article:9065903954625017736-f7a38d8531cf746650e3395f0fcc8651 2009-10-21T12:31:42.760-04:00

Know your beast when it comes to your first software project

Know your beast when it comes to your first software project http://blog.consected.com/2009/10/comic-book-software-projects.html Phil Ayres payres580 2 1 0 1 urn:com:businessweek:bx:article:17854202763235448945-d3b1d011cf2ad5bc3fb9f399a8a34bd8 2009-10-12T09:09:43.493-04:00

For a long time I have been recapitulating concerns to enterprises about managing the internal threat. And with the recent economic downturn, layoffs and other sources of employee dissatisfaction are increasing the risks from internal threats. The fact is, corporate management must pay attention to the insider threat and implement policies and controls to manage it.

For a long time I have been recapitulating concerns to enterprises about managing the internal threat. And with the recent economic downturn, layoffs and other sources of employee dissatisfaction are increasing the risks from internal threats. The fact is, corporate management must pay attention to the insider threat and implement policies and controls to manage it. http://information-security-resources.com/2009/10/11/managing-your-internal-security-threats/ Anthony M. Freed afreed536 3 2 0 1 urn:com:businessweek:bx:article:4338238317551360900-c003627728ae365af41c1a3845282ae4 2009-10-14T09:56:11.643-04:00

When a better way of doing things arises, an analyst who seeks to shed light on the future for their lackadaisical client base would attempt to nudge them towards the light of change: enhanced security, better control, and lower total costs as demonstrated by the Enterprise Class UTM vendors. Never have I seen an analyst firm so adamantly defend the status quo.

When a better way of doing things arises, an analyst who seeks to shed light on the future for their lackadaisical client base would attempt to nudge them towards the light of change: enhanced security, better control, and lower total costs as demonstrated by the Enterprise Class UTM vendors. Never have I seen an analyst firm so adamantly defend the status quo. http://information-security-resources.com/2009/10/13/utm-systems-for-enterprise-security-debated/ Anthony M. Freed afreed536 1 0 0 1 urn:com:businessweek:bx:article:16330650609989004657-c14648ec487ebd0f61c753453760a525 2009-10-22T01:05:32.624-04:00

One of the more interesting products I saw at Oracle Open World was Financial Close Management (FCM), which will be generally available (GA) sometime in 2010. (One member of the audience at a session I attended insisted on calling it “vaporware.” Strictly speaking that is true, but the product will be the result of assembling already mature software, so we would be very surprised if it’s not available next year.) I don’t make a habit of talking about applications that are not GA, but this one is important enough to highlight because of its potential positive impact on how public companies manage their close-to-report cycle.

One of the more interesting products I saw at Oracle Open World was Financial Close Management (FCM), which will be generally available (GA) sometime in 2010. (One member of the audience at a session I attended insisted on calling it “vaporware.” Strictly speaking that is true, but the product will be the result of assembling already mature software, so we would be very surprised if it’s not available next year.) I don’t make a habit of talking about applications that are not GA, but this one is important enough to highlight because of its potential positive impact on how public companies manage their close-to-report cycle. http://www.ventanaresearch.com/blog/commentblog.aspx?id=3335 Ventana Research vresearch293 0 0 0 0 urn:com:businessweek:bx:article:6106123372331778223-31a21423ee8d1b937359937d5956b2e5 2009-10-07T10:50:50.888-04:00

The root cause of application security vulnerabilities is usually design bugs, and often there are implementation defects. The empirical data showed that software bugs accounted for over 55% of the contributing vulnerability to the event (see the Business Threat Modeling study).

The root cause of application security vulnerabilities is usually design bugs, and often there are implementation defects. The empirical data showed that software bugs accounted for over 55% of the contributing vulnerability to the event (see the Business Threat Modeling study). http://information-security-resources.com/2009/10/07/software-defects-still-key-factor-in-data-loss/ Anthony M. Freed afreed536 2 1 0 1 urn:com:businessweek:bx:article:11949558099426062588-42334421c5adf4e81851994845acd965 2009-09-29T11:08:18.294-04:00

Establish energy industry standards that require each utility to perform at least annual PIAs for their area of responsibility on the Smart Grid, in addition to performing PIAs when significant operations changes occur, to show the privacy vulnerabilities and threats for consumer meter and power collection points.”

Establish energy industry standards that require each utility to perform at least annual PIAs for their area of responsibility on the Smart Grid, in addition to performing PIAs when significant operations changes occur, to show the privacy vulnerabilities and threats for consumer meter and power collection points.” http://information-security-resources.com/2009/09/29/top-ten-smart-grid-privacy-concerns/ Anthony M. Freed afreed536 4 3 0 1 urn:com:businessweek:bx:article:8258351463771167102-642845bcd8f038d86dd8406a93a28d92 2009-09-30T10:15:26.301-04:00

Today, most of our contracts are jurisdiction-based and mostly relate to the location of data. With cloud computing, this is something which can’t be defined. Until laws evolve to accommodate these technological issues in contractual terms, large corporations will find it difficult to migrate quickly to clouds.

Today, most of our contracts are jurisdiction-based and mostly relate to the location of data. With cloud computing, this is something which can’t be defined. Until laws evolve to accommodate these technological issues in contractual terms, large corporations will find it difficult to migrate quickly to clouds. http://information-security-resources.com/2009/09/29/privacy-and-security-top-cloud-concerns/ Anthony M. Freed afreed536 2 1 0 1 urn:com:businessweek:bx:article:7322707126483810745-3977f08aeb352a38bde5e2560493cf60 2009-10-14T16:36:22.863-04:00

The unwritten rule for improving business processes often follows this rather lame approach:Let's draw a pretty picture of your as-is process, then have everyone collaborate around that to remove the waste. Look mom, we do Six Sigma too! If you don't want to follow the lame approach, read this to see an alternative for working better.

The unwritten rule for improving business processes often follows this rather lame approach:Let's draw a pretty picture of your as-is process, then have everyone collaborate around that to remove the waste. Look mom, we do Six Sigma too! If you don't want to follow the lame approach, read this to see an alternative for working better. http://improving-nao.blogspot.com/2009/10/look-mom-we-do-six-sigma-too-part-2.html Phil Ayres payres580 0 0 0 0 urn:com:businessweek:bx:article:10510658400646517224-44e7369c8362cd19a098b457b3fa0419 2009-10-13T12:04:54.994-04:00

I see the relationship between lean thinking, agile development methodologies and technology for an actual implementation of business improvement being closer than ever, and one that is barely touched by more than marketing by traditional business...

I see the relationship between lean thinking, agile development methodologies and technology for an actual implementation of business improvement being closer than ever, and one that is barely touched by more than marketing by traditional business... http://improving-nao.blogspot.com/2009/10/look-mom-we-do-six-sigma-too-part-1.html Phil Ayres payres580 0 0 0 0 urn:com:businessweek:bx:article:179394527074017061-1015ed1ced2161d4c3ad028833b4b069 2009-10-05T22:56:56.809-04:00

As everything around us is changing, the role of procurement in modern organizations is evolving and changing as well. The catalyst for that change is the introduction of Sarbanes-Oxley a few years ago, which requires corporate officers to be responsible and accountable for establishing adequate internal control structures and procedures for financial reporting. Naturally, the procurement role and the decision-making process for allocating public companies funds have become more visible and tangible. Read more at: http://tinyurl.com/y9lymqx

As everything around us is changing, the role of procurement in modern organizations is evolving and changing as well. The catalyst for that change is the introduction of Sarbanes-Oxley a few years ago, which requires corporate officers to be responsible and accountable for establishing adequate internal control structures and procedures for financial reporting. Naturally, the procurement role and the decision-making process for allocating public companies funds have become more visible and tangible. Read more at: http://tinyurl.com/y9lymqx http://notesofbusinesstravelconsultant.blogspot.com/2009/10/evolving-role-of-procurement-in-modern.html Bill Moussli bmoussli822 3 3 0 0 urn:com:businessweek:bx:article:548350640497888713-24b0eba8da95add0c45dba51e4dc8af3 2009-01-14T14:51:35.347-05:00

You may recall that the so-called Sarbanes-Oxley Act came into being in 2002 in the wake on the Enron scandal and other corporate shenanigans that involved smoke...

You may recall that the so-called Sarbanes-Oxley Act came into being in 2002 in the wake on the Enron scandal and other corporate shenanigans that involved smoke... http://www.ciozone.com/index.php/Blogs/view/2544/.html Scott Miller smiller623 51 51 0 0 urn:com:businessweek:bx:article:6038206971344348883-bdea8319537a9c592a9c172e90c03fe4 2009-09-17T11:09:59.449-04:00

Companies are requiring huge amounts of personal information for quarantine events, and not only about workers, but also family members and non-family individuals who share the same living quarters. What kind of information is your company requiring for quarantines?

Companies are requiring huge amounts of personal information for quarantine events, and not only about workers, but also family members and non-family individuals who share the same living quarters. What kind of information is your company requiring for quarantines? http://information-security-resources.com/2009/09/16/protecting-your-privacy-during-a-pandemic/ Anthony M. Freed afreed536 1 0 0 1 urn:com:businessweek:bx:article:3457786561302425587-4754c09b8f4f138859ab837a86de9402 2009-09-11T13:34:51.177-04:00

WASHINGTON (AP) — Top officials at the Securities and Exchange Commission pledged at a Senate hearing on Thursday to fix the problems that led to the agency’s failure to detect the multibillion-dollar fraud conducted for more than a decade by...

WASHINGTON (AP) — Top officials at the Securities and Exchange Commission pledged at a Senate hearing on Thursday to fix the problems that led to the agency’s failure to detect the multibillion-dollar fraud conducted for more than a decade by... http://www.nytimes.com/2009/09/11/business/11madoff.html?_r=1&ref=business John Maresca jmaresca218 2 1 0 1 urn:com:businessweek:bx:article:11503118068075937944-2ffe7ea731a2ebef1ab1482ce78566dd 2009-03-16T23:52:52.459-04:00

• SEC with a full case-study presentation as well as a full Q&A session with an SEC representative • 3M on successful SOX compliance in multi-national organizations • Eli Lilly on optimizing the external auditor relationship • Eastman Kodak Company on going beyond 404: Meeting the SOX governance requirements • Canadian Natural Resources on practical identification and mitigation of IT risks and controls • Barr Pharmaceuticals on going beyond AS5: identifying further opportunities to reduce costs • Flowserve Corporation on improving effectiveness and reducing costs • EMC on standardizing controls in a de-centralized environment Live Blogging By Information-Security-Resources.com

• SEC with a full case-study presentation as well as a full Q&A session with an SEC representative • 3M on successful SOX compliance in multi-national organizations • Eli Lilly on optimizing the external auditor relationship • Eastman Kodak Company on going beyond 404: Meeting the SOX governance requirements • Canadian Natural Resources on practical identification and mitigation of IT risks and controls • Barr Pharmaceuticals on going beyond AS5: identifying further opportunities to reduce costs • Flowserve Corporation on improving effectiveness and reducing costs • EMC on standardizing controls in a de-centralized environment Live Blogging By Information-Security-Resources.com http://information-security-resources.com/2009-sox-evolution-compliance-conference/ Anthony M. Freed afreed536 25 24 1 0 urn:com:businessweek:bx:article:141970031499078707-313bacafa31a6739cb60917e0f8dfd6a 2009-05-05T11:35:06.494-04:00

The former management of scam-hit Satyam Computer Services had kept loopholes in its accounting software and left passwords unsecured to facilitate fraud, the Serious Fraud Investigation Office (SFIO), which is probing the scandal, has told the government. The software system for managing company’s financial accounting functions was deliberately made very complex for inflating profits, the SFIO said in its report.

The former management of scam-hit Satyam Computer Services had kept loopholes in its accounting software and left passwords unsecured to facilitate fraud, the Serious Fraud Investigation Office (SFIO), which is probing the scandal, has told the government. The software system for managing company’s financial accounting functions was deliberately made very complex for inflating profits, the SFIO said in its report. http://information-security-resources.com/2009/05/05/isr-news-satyam-books-designed-for-fraud/ Anthony M. Freed afreed536 11 9 0 2 urn:com:businessweek:bx:article:5776268566678588410-4eccb7c87a4268568d0667c27fb72106 2009-08-30T18:15:07.919-04:00

Radisson Hotels & Resorts has posted an open letter to its guests, informing them of a recent data breach but offering little additional information. The data that was accessed includes guests’ names and their credit card or debit card number and expiration date.

Radisson Hotels & Resorts has posted an open letter to its guests, informing them of a recent data breach but offering little additional information. The data that was accessed includes guests’ names and their credit card or debit card number and expiration date. http://information-security-resources.com/2009/08/30/radisson-hotels-customer-data-breached/ Anthony M. Freed afreed536 2 1 0 1 urn:com:businessweek:bx:article:3916646306123847099-b0329b306576cdd3f0fb048b1c1eeee3 2009-08-26T15:02:31.295-04:00

Any business, of any size, in any industry, in any location, is a possible target for PII theft and cybercrime if they possess any type of employee, customer or other consumer PII. Most businesses have PII. All businesses with PII need to make sure they provide due diligence to protect that PII.

Any business, of any size, in any industry, in any location, is a possible target for PII theft and cybercrime if they possess any type of employee, customer or other consumer PII. Most businesses have PII. All businesses with PII need to make sure they provide due diligence to protect that PII. http://information-security-resources.com/2009/08/26/identifying-sensitive-data-liabilities-for-biz/ Anthony M. Freed afreed536 0 0 0 0