Visa to launch its own Point-to-Point Encryption (P2PE) Service
Despite the media attention to viruses and other malicious software, a major source of vulnerability in the payment industry remains lack of cardholder data protection stored by merchants, acquirers, services provide
Details of the New HIPAA Audit Program Announced by the HHS
As expected, the HHS (the US Department of Health and Human Services) engaged KPMG to conduct the audits between now and end of 2012 while a second vendor was selected to support with the selection criterion for covered e
Compliance Labs News
|Understand the Cloud Threat Landscape|
Cyber attacks are on the rise. Companies both large and small are targeted daily by hackers seeking valuable data to monetize in the cyber underground. Recent reports show that 87% of organizations are making use of cloud infrastructure, while analysts predict spending will exceed $200 billion in 2016 (source: www.alertlogic.com).
|'Mobile Wallets 101': Your guide to the future of cardless transactions|
Financial institutions understood early on the importance of being "top of wallet" when it came to winning the "plastic war." Make your ATM, debit or credit card the go-to item for transactions and you're solid with that customer or member (source: www.mobilepaymentstoday.com)
|Privacy Impact Assessments: the CNIL publishes its PIA manual|
Article 34 of the French Data Protection Act provides that data controllers shall “take all useful precautions, with regard to the nature of the data and the risks of the processing, to preserve the security of the data…” (source: http://www.cnil.fr/)
|Regin: Top-tier espionage tool enables stealthy surveillance|
Regin is a multi-staged, modular threat, meaning that it has a number of components, each depending on others, to perform attack operations. This modular approach gives flexibility to the threat operators as they can load custom features tailored to individual targets when required. This analysis illustrates Regin’s architecture and the many payloads at its disposal (source: www.symantec.com).
|Key Findings from The Global State of Information Security Survey 2015 by PWC|
Given the nature and number of very prominent security breaches over the past year, it comes as no surprise that incidents reported by respondents to The Global State of Information Security® Survey 2015 continued a year-over-year rise (source: www.pwc.com).
|A Guide on How to Find Cardholder Data without Automated Tools for PCI Assessors|
During the course of an assessment, PCI Assessors must validate that the perceived compliance scope is in fact accurately defined and documented. Automated discovery tools, while effective to find cardholder data, sometimes are not an option due to the negative impact they may have in a production environment. In this paper, the author discusses audit techniques and tips on how to find cardholder data without using automated tools (source: www.sans.org).
|NIST releases report on cryptography expertise|
This report from Visiting Committee on Advanced Technology (VCAT) of the National Institute of Standards and Technology (NIST) to the NIST Director contains the VCAT’s recommendations on how NIST can improve the cryptographic standards and guidelines development process, in response to community concerns that a cryptographic algorithm in a NIST standard had been deliberately weakened (source: www.nist.gov).
|Greater oversight, deeper insight: Boardroom strategies in an era of disruptive change|
In this environment of ongoing, tumultuous change, organizations and their management and boards of directors must respond quickly and adeptly if they are to effectively address all the disruptive changes that surround and affect them. For boards of directors, this often requires greater oversight – expanding their scope to include activities and areas that were not traditionally part of their mandate. At the same time, boards must ensure that management provides them with deeper insights into the organization’s activities so directors can clearly understand all of the potential opportunities and risks (source: www.deloitte.com).
|2014 Cost of Data Breach Study: Global Analysis|
IBM and Ponemon are pleased to release the ninth annual Cost of Data Breach Study: Global Study. According to the research, the average total cost of a data breach for the companies participating in this research increased 15 percent to $3.5 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased more than 9 percent from $136 in 2013 to $145 in this year’s study (source: www.ibm.com).
|2014 Data Breach Investigations Report|
More incidents, more sources, and more variation than ever before – and trying to approach tens of thousands of incidents using the same techniques simply won’t cut it: the dominant incident characteristics would drown out the subtleties of the less frequent varieties. The report identifies nine patterns that together describe 92% of the confirmed data breaches collected in 2013. It is simply astounding that nine out of ten of all breaches observed by 50 global organizations over a full year can be described by nine distinct patterns (source: www.verizonenterprise.com).
|Cyber security is crucial for protection against threats for smart grids claims EU cyber security Agency in new report|
The EU’s cyber security agency ENISA signals that assessing the threats for smart grids is crucial for their protection and is therefore a key element in ensuring energy availability. This report provides a threat landscape affecting smart grid components. It takes stock of available cyber security and protection approaches as well as good practices in the field. The study also lists internal threats affecting IT smart grid assets, including a variety of threats emanating from errors and insider attacks (source: www.enisa.europa.eu).
|Improving SCADA System Security|
Several audits executed by governments on their critical infrastructures have illustrated a dangerous scenario. They demonstrate the lack of security mechanisms for the many systems located all over the world. But what is really concerning is the absence of a precise census of SCADA systems for many industrialized countries (source: www.infosecinstitute.com/).
|Window of exposure… a real problem for SCADA systems?|
Application of patches could have a significant effect on the operational behaviour of SCADA systems. When a patch is not tested thoroughly it can introduce unknowns into the system, which is not acceptable for an environment utilizing SCADA. SCADA systems are usually deployed to stay operable for a longer time than regular IT systems. During this time patches are required to correct security and functionality problems in software and firmware (source: www.enisa.europa.eu).
|Schemes for auditing security measures|
This report deals with the issue of how to enforce an adequate level of security across a sector of service providers. ENISA in this report presents an overview of the auditing schemes on security measures that exist across the globe: twelve different audit frameworks or certification schemes for auditing security measures, used in different settings and sectors, aimed at ensuring that providers comply with certain security requirements. The conclusion introduces a single auditing model that captures the most common features, creating a preliminary meta-framework (source: www.enisa.europa.eu).
|FISMA Fallout: The State of the Union|
President Obama rates cyber threats as one of the most serious challenges facing our nation – consider the source and the context. As cyber threats become more sophisticated, it is increasingly clear that FISMA may not be enough to protect agencies from attacks. To combat today's cyber threats, agencies need a modern, dynamic approach that combines risk management, continuous monitoring, and real-time awareness (source: www.meritalk.com).
|Addressing Cyber Threats to Oil and Gas Suppliers|
The number and sophistication of attacks on U.S. oil and gas companies appears to be increasing. Likewise, their potential for inflicting damage on critical infrastructure is growing, with last year’s Shamoon virus illustrating the growing potency of cyber threats. Creating widespread destruction or disruption still remains difficult, and is probably out of reach for all but sophisticated state-based or state-supported actors (source: www.cfr.org).
|Protiviti 2013 Sarbanes-Oxley Compliance Survey|
As the Sarbanes-Oxley Act enters its second decade, organizations with the most effective and efficient compliance capabilities are learning from the past, rather than repeating it. In fact, despite its relative maturity, SOX continues to pose new challenges for public companies. Key findings from Protiviti’s 2013 Sarbanes-Oxley Compliance Survey reveal that the best compliance efforts remain spry and seek to build value as well as increase effectiveness (source: www.protiviti.com).
|2013 Electric Grid Vulnerability Survey by the Staff of Congressmen Edward J. Markey and Henry A. Waxman|
The last few years have seen the threat of a crippling cyber-attack against the U.S. electric grid increase significantly. To inform congressional consideration of this issue, Representatives Edward J. Markey and Henry A. Waxman requested information in January 2013 from more than 150 investor-owned utilities (IOUs), municipally-owned utilities, rural electric cooperatives, and federal entities that own major pieces of the bulk power system. This report is based upon those responses (source: markey.house.gov).
|2013 Verizon Data Breach Investigations Report (DBIR)|
Verizon’s 2013 Data Breach Investigations Report (DBIR) provides truly global insights into the nature of data breaches that can help organizations of all sizes to better understand the threat and take the necessary steps to protect themselves. The breadth and depth of data represented in this year’s DBIR is unprecedented. It combines the efforts of 19 global organizations: law enforcement agencies, national incident-reporting entities, research institutions, and a number of private security firms — all working to study and combat data breaches (source: www.verizonenterprise.com).
|Key findings from The Global State of Information Security Survey 2013 by PWC|
The Global State of Information Security Survey 2013 is a worldwide study by PwC, CIO magazine, and CSO magazine. It was conducted online from February 1, 2012, to April 15, 2012. The results discussed in this report are based on the responses of more than 9,300 CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents, and directors of IT and information security from 128 countries (source: www.pwc.com).
|Five Questions on Risk Assessment by Deloitte|
Assessment is the technique companies use to determine the significance of individual risks in light of business goals. In this issue of Risk Angles, Deloitte & Touche LLP offers its thoughts on some questions the executive team should consider asking about the risk assessment process and takes a closer look at risk prioritization, probabilities, and appetite (source: http://www.deloitte.com).
|Fiscal Year 2012 FISMA Implementation Report to Congress|
Threats to Federal information – whether from insider threat, criminal elements, or nation states – continue to grow in number and sophistication, creating risks to the reliable functioning of our government. The Fiscal Year 2012 FISMA Implementation Report provides OMB’s 2012 assessment of what agencies have achieved in FISMA-related information security in the previous fiscal year. Of particular interest is the number of security incidents that are being reported to the US Computer Emergency Readiness Team (source: www.whitehouse.gov).
|PCI Council Released PCI DSS Cloud Computing Guidelines|
This document provides guidance on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments. This guidance builds on that provided in the PCI DSS Virtualization Guidelines and is intended for organizations using, or thinking of using, providing, or assessing cloud technologies as part of a cardholder data environment (source: www.pcisecuritystandards.org).
|PCI Council Released PCI DSS E-Commerce Security Guidelines|
This guide is intended for merchants who use or are considering the use of e-commerce technologies in their cardholder data environment as well as any third-party service providers that provide e-commerce services, e-commerce products, or hosting/cloud services for merchants. This guide may also be of value for assessors reviewing e-commerce environments as part of a PCI DSS assessment (source: www.pcisecuritystandards.org).
|ONC released a "Guide to Privacy and Security of Health Information"|
The Office of the National Coordinator for Health Information Technology released a "Guide to Privacy and Security of Health Information". The guide is designed to help healthcare practitioners, staff, and other professionals better understand the important role of privacy and security in the use of electronic health records (source: www.healthit.gov).
|Getting to grips with Pillar 3 Paper by PWC|
The implementation date for Solvency II looks set to be postponed to allow more time for assessment and agreement on a number of key issues. But the reporting and disclosure requirements are unlikely to see material changes. What this paper seeks to do is to outline the issues insurers will need to consider and the next steps towards implementation. We explore the common misconceptions as it is easy to misjudge or under-estimate some of the key strategic and implementation challenges (source: http://www.pwc.com).
|Risk Assessment in Practice Paper by Deloitte & Touche LLP|
Enterprises require a risk assessment process that is practical, sustainable, and easy to understand. The process must proceed in a structured and disciplined fashion. It must be correctly sized to the enterprise’s size, complexity, and geographic reach. While enterprise-wide risk management (ERM) is a relatively new discipline, application techniques have been evolving over the last decade. The purpose of this paper is to provide leadership with an overview of risk assessment approaches and techniques that have emerged as the most useful and sustainable for decision-making (source: http://www.coso.org).
|Risk culture Under the Microscope Guidance for Boards|
The continuing parade of organisational catastrophes (and indeed some notable successes) demonstrates that frameworks, processes and standards for risk management, although essential, are not sufficient to ensure that organisations reliably manage their risks and meet their strategic objectives. What is missing is the behavioural element: why do individuals, groups and organisations behave the way they do, and how does this affect all aspects of the management of risk? (source: http://www.theirm.org).
|Deloitte paper: Shaping a Risk Intelligent Strategy|
This paper is written for boards of directors and senior executives – the people responsible, in their capacity as strategic leaders, for identifying and responding to the killer risks and game-changing opportunities that face an enterprise. In this paper, we discuss why boards and directors often suffer from an incomplete understanding of strategic risk – and what they can do to avoid being blindsided by the unexpected (source: http://www.deloitte.com).
|Analysis of 42 studies showing that implementing ISO 9001 does enhance financial performance|
In 1987, ISO published the first ISO 9000 series of quality management standards (QMS). Since then, more than one million organizations in 178 countries have achieved ISO 9001 certification. But have they enjoyed financial benefits from doing so? This article summarizes key results from 42 scientific studies showing that implementing the standard does indeed enhance financial performance - but organizations aiming at real internal quality improvements gain more than those using ISO 9001 as a “quick fix” in response to quality problems or customer pressure (source: http://www.iso.org).
|ACI Global Consumers React to Rising Fraud|
The ACI Worldwide Impact Report, based on a Q3 2012 study of 5,223 consumers in 17 countries, provides an overview of respondents’ attitudes toward various types of financial fraud and discusses the actions they may take subsequent to a fraud experience. Where applicable, it also compares these results with those from a similar 2011 ACI survey (source: http://www.aciworldwide.com).
|PCI SSC Releases Mobile Payment Acceptance Security Guidelines|
The purpose of this document is to educate stakeholders responsible for the architecture, design, and development of mobile apps and their associated environment within a mobile device that merchants might use for payment acceptance. Developers and manufacturers can use these guidelines to help them design appropriate security controls within their software and hardware products. These controls can then be applied to mobile payment-acceptance environments, thus supporting the deployment of more secure solutions (source: http://www.pcisecuritystandards.org).
|Preparing for Solvency II: Three key questions insurers need to address early|
Addressing Solvency II, and especially its qualitative and reporting requirements, remains an important focus for European insurers. How can insurers find the right balance between leveraging their internal IT resources and applications and the technology offered by expert system providers? Following a quick update on the Solvency II roadmap and recent implementation work, this white paper provides key perspectives on these questions (source: www.simcorp.com).
|Who is Responsible for Data Protection in the Cloud?|
For the first time, Ponemon Institute is pleased to present the findings of Encryption in the Cloud. In this study, Ponemon Institute surveyed 4,140 business and IT managers in the United States, United Kingdom, Germany, France, Australia, Japan and Brazil. The purpose of the presented research is to examine how organizations go about protecting a plethora of information assets entrusted to cloud providers (source: www.ponemon.org).
|NIST's draft on Intrusion Detection and Prevention Systems (IDPS)|
NIST's draft on Intrusion Detection and Prevention Systems (IDPS) describes software that has become a necessary addition to the security infrastructure of many organizations. IDPSs record information about observed security-related events, notify security administrators of the events that should be analyzed further, and produce reports for evaluation (source: csrc.nist.gov).
|2012 Business Banking Trust Study|
The May 2012 survey of nearly 1,000 owners and executives of small- and medium-sized businesses (SMBs) found that fraud is widespread. In approximately two of every three efforts, approximately half of attacks result in money being lost. As a result, businesses are losing confidence in their FIs' fraud prevention practices and are switching some or all of their banking business to other FIs (source: info.guardiananalytics.com).
|F-Secure Mobile Threat Report Q2 2012|
This report discusses the mobile threat landscape seen in the second quarter of 2012, and includes statistics and details of the mobile threats that F-Secure response labs have seen and analysed during that period. The data presented in this report were collected between 1 April and 27 June 2012 (source: www.f-secure.com).
|HIPAA Security, Privacy and Breach Notification Audit Protocol|
OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. The entire audit protocol is organized around modules, representing separate elements of privacy, security, and breach notification. The combination of these multiple requirements may vary based on the type of covered entity selected for review (source: www.hhs.gov).
|Data Management and Solvency II|
As demonstrated with Basel II implementations in banks, data management activities are critical, representing almost 80 percent of the work involved in compliance. And experience has proven that Solvency II is similar. Data management activities help ensure all data is consolidated, managed and validated prior to starting work on risk calculations in both Basel II and Solvency II (source: www.sas.com).
|The Monetary Authority of Singapore (MAS) Issued Revised Code of Corporate Governance|
The Code of Corporate Governance was introduced in 2001 to promote a high standard of corporate governance among listed companies in Singapore. The intent was to progressively evolve the Code, and ensure its relevance to a changing investor environment and market developments (source: www.mas.gov.sg).
|Achieving a Return on your Solvency II Investment|
Insurance companies across Europe preparing for the implementation of Solvency II risk missing this one-off opportunity to achieve a return on the substantial investment made in complying with the regulations, according to a publication released by Towers Watson (source: www.towerswatson.com).
|Draft of Cybersecurity Risk Management Process (RMP) Guideline Released|
The Risk Management Process guideline is written with the goal of enabling organizations—regardless of size or organizational or governance structure—to apply effective and efficient risk management processes and tailor them to meet their organizational requirements (source: energy.gov).
|MasterCard Payment Application Data Security Standard (PA-DSS) Mandate|
Effective 1 July 2012, MasterCard will revise the MasterCard SDP Program Standards to require all merchants and Service Providers that use third party-provided payment applications to only use those applications that are compliant with the Payment Card Industry Payment Application Data Security Standard (PCI PA-DSS), as applicable (source: www.mastercard.com).
|Progress report on Basel III implementation|
At its September 2011 meeting, the Basel Committee agreed to commence a process to review members’ implementation of Basel III. Full, timely and consistent implementation of Basel III will be fundamental to raising the resilience of the global banking system (source: www.bis.org).
|Ponemon Institute's 2011 Cost of Data Breach Study Released|
Symantec Corporation and Ponemon Institute are pleased to present 2011 U.S. Cost of Data Breach. While Ponemon Institute research indicates that data breaches continue to have serious financial consequences for organizations, there is evidence that organizations are becoming better at managing the costs incurred to respond to and resolve a data breach incident (source: www.symantec.com).
|NIST has released the first public draft of Security and Privacy Controls for Federal Information Systems and Organizations, SP 800-53|
To handle insider threats, supply chain risk, mobile and cloud computing technologies, and other cybersecurity issues and challenges, NIST has released Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication (SP) 800-53, Revision 4 (Initial Public Draft). The document is considered a principal catalog of security standards and guidelines used by federal government agencies that NIST is required to publish by law (source: www.nist.gov).
|Dodd-Frank Guide to 12 Critical Issues|
The American Bankers Association prepared a guide which highlights 12 of the most important Dodd-Frank issues that will see action in 2012, to help community bankers prepare for, respond to and manage regulatory pronouncements that could have a significant impact on their institutions (source: www.aba.com).
|Tokenization Guidance: How to Reduce PCI Compliance Costs|
This white paper is the result of dozens of interviews; hundreds of hours of research; and a deep dive into the deployment, auditing, and scope reduction concerns people have regarding tokens. Recommendations were vetted with as many qualified assessors as possible to ensure the advice will hold up to PCI requirements with minimal friction during the assessment process (source: www.protegrity.com).
|New Solvency II Compliance Study: How European Insurers are Preparing for Industry Transforming Legislation?|
Solvency II’s overriding objective is to protect insurance policyholders and beneficiaries. It aims to put risk management at the heart of the insurance process. The new legislation will change the way all data used to calculate risk is collected, as well as how risk is assessed and how the Solvency Capital Requirement (SCR) is determined and reported (source: www.intedelta.com).
|Visa Recommended Practices for EMV Chip Implementation in the U.S.|
As issuers, acquirers, merchants, processors and vendors plan and begin programs to adopt chip technologies, Visa has developed recommended practices to provide guidance on the implementation choices that seem most appropriate for the U.S. market and facilitate reduced complexity, cost and time to market (source: usa.visa.com).
|Protected Health Information (PHI) Breaches Trends for 2012|
Despite increased compliance with the HITECH Act and other federal regulations, healthcare data breaches are on the rise. Many hospitals and healthcare organizations in this study believe they have insufficient security and privacy budgets, and affected patients are not always receiving the privacy care they are promised (source: www.idexpertscorp.com).
|Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise|
The Blueprint for a Secure Cyber Future builds on the Department of Homeland Security Quadrennial Homeland Security Review Report’s strategic framework by providing a clear path to create a safe, secure, and resilient cyber environment for the homeland security enterprise (source: www.dhs.gov).
|White House Plans Cloud FedRAMP Updates|
Cloud computing offers a unique opportunity for the Federal Government to take advantage of cutting edge information technologies. The White House officially released a memorandum on the Federal Risk and Authorization Management Program (FedRAMP), a highly anticipated security framework that will accelerate the adoption of cloud computing in government (source: www.cio.gov).
|Cybersecurity and Information Privacy Challenges of the Electric Grid|
Increased data communications throughout the electric grid will introduce new cybersecurity risks and challenges, to both local and wide-scale grid systems. This MIT study aims to provide a comprehensive, objective portrait of the U.S. electric grid and the identification and analysis of areas that can contribute to meeting the challenges the grid is facing (source: mit.edu).
|KPMG survey: Embracing the Cloud|
Cloud is creating new business opportunities as companies harness its power to facilitate new revenue, services and businesses. This KPMG survey shows an increased readiness to accept and exploit the benefits of Cloud. Most agree that Cloud offers strategic benefits, and these look likely to transform business models to offer serious competitive advantage (source: www.kpmg.com).
|Insurance Solvency II Update by KPMG|
KPMG updates on Solvency II timelines and key regulatory developments, the Pillars survey, Own Risk and Solvency Assessment (ORSA) key principles, the scope of the consultation papers and the quantitative reporting template (source: www.kpmg.com).
|Smartphone Secure Development Guidelines|
The smartphone secure development guidelines were produced jointly with the OWASP mobile security project and written for developers of smartphone apps as a guide to developing secure apps. They may however also be of interest to project managers of smartphone development projects (source: www.enisa.europa.eu).
|Solvency II Benchmarking Survey by KPMG|
The results of the survey show that insurers are increasingly starting to deal with the wider business implications of Solvency II. 78 percent feel that their programmes are on track and encouragingly 61 percent have seen their Solvency II budgets remain at the same level as originally forecast (source: www.kpmg.com).
|Cloud Security Alliance Published Guidance Version 3|
The Cloud Security Alliance (CSA) today unveiled the third version of its Security Guidance for Critical Areas of Focus in Cloud Computing. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely (source: www.cloudsecurityalliance.org).
|EPC sets out Sepa m-payments guidelines|
The m-payment guidelines are aimed at readers who require more detail on implementation guidance for mobile contactless payments covering business, technical, security and legal aspects. This document, defining the implementation guidelines for mobile contactless card payments, aims to reflect the current state of the art at the time of specification (source: www.europeanpaymentscouncil.eu).
|Ernst & Young’s 2011 Global Information Security Survey|
The Ernst & Young Global Information Security Survey received feedback from nearly 1,700 participants in 52 countries and across all industry sectors. The increased level of participation in our 2011 survey demonstrates that information security is still one of the most important issues facing organizations today (source: www.ey.com).
|Global State of Information Security Survey by PricewaterhouseCoopers|
Threats to security—like the weather—are hard to predict. Many executives point to the sunshine and clear skies overhead. Others eye the low barometric pressure (source: www.pwc.com).
|Progress report on Basel III implementation|
This report, as part of the process, provides an update on the regulatory adoption of Basel III by each Committee member (source: www.bis.org).
|Clearing the clouds - Shining a light on successful Enterprise Risk Management|
The challenge for most enterprises is how to implement an ERM program, instill a culture prepared to deal with risk events and learn from inevitable mistakes (source: www.ibm.com).
|111 Individuals Charged in Massive International Identity Theft and Counterfeit Credit Card Operation|
Credit card fraud and identity theft are two of the fastest growing crimes in the United States, afflicting millions of victims and costing billions of dollars in losses to consumers, businesses and financial institutions (source: www.queensda.org).
|Mobile Money 2011 by Ernst & Young|
Ernst & Young probes the big questions facing leaders of telcos, technology, retail and banking, as they consider opportunities in the mobile money space (source: www.finextra.com).
|CSA Cloud Controls Matrix with NERC CIP Requirements|
The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider (source: cloudsecurityalliance.org).
|Clarity in the Cloud: the Impact, Opportunity and Risk of Cloud|
The cloud is commonplace, but its scope varies widely. Over half of the businesses and government enterprises surveyed have already conducted either a full (24%) or partial (35%) cloud implementation of some functions (source: www.kpmg.com).
|FY 2011 Office of Inspector General FISMA Audit of GSA’S IT Security Program|
This audit report presents the results of the Office of Inspector General’s fiscal year (FY) 2011 audit of GSA’s IT Security Program and reflects results from three system security audits conducted during the year and other tests. Appendix A provides the objective, scope, and methodology for the audit (source: www.gsaig.gov).
|Going further with Solvency II - The Unipol Group story|
The risk management department of the Unipol Group began a project to become compliant with the European Union’s Solvency II Directive – a set of new financial regulations for the insurance industry (source: static.mega.com).
|How to Solve the Solvency II Challenge|
Solvency II rules will see a shift in business attitude from a compliance-based culture to a risk management culture because it will stimulate and reward more comprehensive risk management practices (source: thomsonreuters.com).
|Managing the Benefits and Risks of Cloud Computing|
The risks of Cloud computing are driven primarily by the handling — or lack thereof — for sensitive information among Cloud providers (source: www.itpolicycompliance.com).
|Sepa, it's just the beginning|
Hansjörg Nymphius, chairman of the EBA, discusses Sepa and the European Union (source: www.finextra.com).
|Secure financial cloud|
Chris Pickles, head of Industry Initiatives - Global Banking & Financial Markets at BT, discusses whether security and the financial cloud go together at Sibos 2011 (source: www.finextra.com).
|The impact of Basel III - Sibos 2011 panel|
J.P. Morgan, SmartStream and Deutsche Bank discuss liquidity management at Sibos 2011 (source: www.finextra.com).
|Liquidity and Basel III - hype vs reality|
Orlando B. Hanselman, director, risk and compliance at Fiserv looks at the hype vs reality with Basel III at Sibos 2011 (source: www.finextra.com).
|Anti-Corruption Practices Survey 2011|
Although relatively few executives were very confident about the effectiveness of their anti-corruption programs, almost 90 percent said their company had an anti-corruption policy (source: www.deloitte.com).
|Verizon 2011 Payment Card Industry Compliance Report|
The report describes where these organizations stand in terms of overall compliance with the DSS and presents analysis around which specific requirements are most and least often in place during the assessment process (source: www.verizonbusiness.com).
|Mobile App Security Study: Alarming Findings!|
The results of the viaForensics study are alarming: many mobile app developers store sensitive data in plain text. Releasing the findings to the public will help inform consumers about the apps they may be using (source: viaforensics.com).
|Two New Publications Provide a Cloud Computing Standards Roadmap and Reference Architecture|
The National Institute of Standards and Technology (NIST) has published two new documents on cloud computing: the first edition of a cloud computing standards roadmap and a cloud computing reference architecture and taxonomy (source: www.nist.gov).
|Data Quality in the context of Solvency II|
There is more to data quality than meets the eye. Poor quality compromises the performance and efficiency of operational processes and systems leading to reduced competitive advantages (source: www.kpmg.com).
|KPMG Global Anti-Money Laundering Survey|
Banks operating in multiple jurisdictions are making significant changes to their business models in response to far-reaching global initiatives, such as the regulations imposed under Basel III and Dodd-Frank, that are changing the landscape they face (source: www.kpmg.com).
|NIST Releases Special Publication 800-30 Revision 1: Guide for Conducting Risk Assessments|
In today’s world of complex and sophisticated threats, risk assessments are an essential tool for organizations to employ as part of a comprehensive risk management program. (source: csrc.nist.gov).
|FISMA Shift from the Once-a-year Reporting Process to a Monthly Reporting|
Effective next month, agencies must load data from their automated security management tools into CyberScope on a monthly basis for a limited number of data elements. (source: www.whitehouse.gov).
|ROC Reporting Instructions for PCI DSS v2.0|
These ROC (Report On Compliance) Reporting Instructions identify the information and level of detail to be recorded in each section of the ROC. (source: www.pcisecuritystandards.org).
|The survivors’ guide to Solvency II|
The Survivors’ Guide to Solvency II has been prepared by subject matter experts from PwC. Drawing on our work with clients and regulators, the focus is on the practicalities rather than the technicalities, along with the implications for the management of the business. (source: www.pwc.com).
|The PCI Security Standard Council Publishes Set of PCI Point-to-Point Encryption Solution Requirements|
The PCI Point-to-Point Encryption Solution Requirements document provides requirements for vendors, assessors and merchants that wish to build and implement hardware-based point-to-point encryption solutions that support PCI DSS compliance. (source: www.pcisecuritystandards.org).
|Risk Appetite & Tolerance Guidance Paper|
Risk appetite should be developed in the context of an organisation’s risk management capability, which is a function of risk capacity and risk management maturity (source: www.theirm.org).
|Audit Committee Guidance for European Companies|
An effective audit committee can be a key feature of a strong corporate governance culture bringing significant benefits to an organization (source: www.ecoda.org).
|Achieving Comprehensive Health IT Privacy and Security|
Achieving full HIPAA compliance and satisfying the meaningful use requirements may sound daunting, but it is very much a goal within reach (source: www.csc.com).
|Annual Report to Congress on Breaches of Unsecured Protected Health Information|
The report provides an overview of the breach notification requirements, as well as a discussion of the reports the Secretary received as a result of the breaches that occurred in calendar years 2009 and 2010 (source: www.hhs.gov).
|Why should the U.S. insurance industry care about Solvency II?|
Although Solvency II is an EU regulatory initiative, it will have both direct and indirect implications to the U.S. insurance industry (source: www.kpmg.com).
|The Benefits of Continuous Monitoring|
Business executives recognize the need to continuously monitor their business operations to limit their exposure to operational and compliance risk, especially in this environment of accelerating change and complexity (source: www.infogix.com).
|Possible Unintended Consequences of Basel III and Solvency II|
Basel III and Solvency II should improve the stability of these connections, but could have unintended consequences for cost of capital, funding patterns, interconnectedness, and risk migration (source: www.imf.org).
|Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms|
The EGRC platform market has expanded from a tactical focus on regulatory compliance to a strategic focus on enterprise risk management (source: www.gartner.com).
|US bank consortium develops social media framework|
BITS has developed this paper to provide financial services companies with insight into the various risks associated with the deployment and use of social media (source: www.bits.org).
|2011 AFP Payments Fraud and Control Survey|
Despite a dramatic shift toward electronic B2B payments and the adoption of preventative techniques, payments fraud has remained persistent (source: www.afponline.org).
|FSA Report: Banks’ management of high money-laundering risk situations|
How banks deal with high-risk customers (including politically exposed persons), correspondent banking relationships and wire transfers (source: www.fsa.gov.uk).
|Dodd-Frank Act: how will the Act affect IT?|
The Dodd-Frank Act and other regulation related to securities and investments will collectively have a major impact on the technology and operational decisions of financial institutions (source: www.simcorp.com).
|EMVCo published 'A guide to EMV'|
EMVCo, the EMV standards body collectively owned by AMEX, JCB, MasterCard and Visa, has launched a paper entitled 'A Guide to EMV' to provide an overview of the EMV Specifications, processes and the role of the technology within the context of the payments industry (source: www.emvco.com).
|HIPAA/HITECH GlobalSign Survey|
Organizations need to thoroughly evaluate technologies before making a purchase and deploying. They need to make sure that the solutions they implement can respond to stringent requirements imposed by auditors while actually protecting data and patient privacy (source: www.globalsign.com).
|Google Mobile Wallet|
Google is to launch field trials of its much anticipated Google Wallet NFC Android app in partnership with VeriFone, MasterCard, Citi, Sprint and First Data (source: www.finextra.com).