
The SEC’s Latest on Disclosures

Posted by - April 17, 2018
New Guidance Mandates Greater Attention to Cybersecurity Planning
The SEC’s recently issued guidance is just the latest indication that government regulators want companies to improve both their overall cybersecurity and incident response and notification procedures. Businesses must adopt and maintain the types of systems and procedures described in the guidance…

Why Organizations Need an Information Asset Register

Posted by - April 11, 2018
Guidance for Information Governance Guardians
Every business relies on information assets to assist with daily functions. Today’s increased cybersecurity risks call for organizations to monitor their data closely in an effort to classify and protect it. While this is a difficult task to undertake, companies can utilize an Information…

New SEC Guidance Prioritizes Cybersecurity Disclosures for Public Companies

Posted by - April 6, 2018
The Case for a Risk-Based Approach
New SEC rulings on cybersecurity disclosures for public companies went into effect just a month ago, acknowledging the rapidly evolving nature of cybersecurity threats and the increasing sophistication of attacks, including the use of stolen credentials, malware, ransomware and phishing. The overwhelming number of corporate breaches…

Who Is Watching The Watchmen?

Posted by - March 29, 2018
CFTC Penalizes Registrant for Outsourced IT Security Lapses
Last month, the CFTC settled charges against an organization for its failure to ensure the security of its customers’ records and information. The registrant’s third-party vendor gained unauthorized access to more than 90,000 records, and the CFTC’s charges make clear the risks…

SEC & FINRA: 4 Shared Regulatory Priorities

Posted by - March 19, 2018
Where Firms Should Concentrate Compliance Efforts
In the past few months, both the SEC and FINRA issued guidance concerning their regulatory priorities for the coming year. Both of the agencies’ annual priorities letters address a large number of diverse topics. Experts from Baker Donelson discuss where the SEC’s and FINRA’s concerns…

To Mitigate Information Risk, Security and Compliance are Converging

Posted by - March 19, 2018
Collaboration Needed to Effectively Manage Data Security
Cyber exposure at all levels of business operations, from financial transactions to customer service and customer apps, is increasing. At the same time, new regulations regarding the governance of data are posing higher potential fines, to the point of also posing a threat…

“Antifragility” and an Evolutionary Perspective on Risk

Posted by - March 9, 2018
In the 21st Century, Organizations Make Their Own Luck
Organizations must be able to weather shocks, and they should act in ways that allow them to adapt, growing stronger as a result of their adaptability. Bill Murray, Senior Researcher and Advisor at Leading Edge Forum, explains the three core organizational…

4 Risks that Keep Your CIO Up at Night

Posted by - February 23, 2018
How Compliance Can Help
Effective business continuity planning starts with honest assessments of risk areas, plus resolve, resources and funding to address those risks. For the past 10 years, we’ve conducted primary research on business continuity and resilience, focusing specifically on IT systems, given their essential role to the functioning…

Lessons Learned from Meltdown and Spectre

Posted by - February 13, 2018
4 Best Practices to Protect Your Business
It’s been weeks since the Meltdown and Spectre vulnerabilities took the security world by storm, yet we’re still living in a state of chaos and confusion. The best “fix” for these bugs is still forthcoming, and patches should be implemented once they’re available.…

Lack of Investments in Training and IT GRC Holding Back Cybersecurity Maturity, Finds MetricStream Survey

Posted by - February 8, 2018
51 percent of enterprises report low maturity of security training
62 percent of enterprises without IT GRC solutions report low security readiness, as opposed to only 25 percent of those with IT GRC solutions
Palo Alto, Calif. (February 8, 2018) – MetricStream, the independent market leader in governance, risk and compliance (GRC)…

Are We Winning the Battle Against Bribery and Corruption?

Posted by - February 8, 2018
with co-authors Paul Nash and Arturo del Castillo
A Region-by-Region Analysis
Organizations around the world are increasingly facing a diverse range of fraud-, cyber- and security-related challenges across a variety of sectors. The 10th edition of the Kroll Global Fraud & Risk Report (The Kroll Report) found that as compliance professionals…

7 Cybersecurity Predictions for 2018

Posted by - February 8, 2018
The Inherent Risk (and Reward) of Innovation
This year, cybersecurity officers must rethink their end-to-end security ecosystem. Top priority will be identifying and addressing evolving vulnerabilities to people, processes, technologies and service providers. It’s time both to re-evaluate the overarching security strategy and to take a more security-minded approach from…