First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Privacy Compliance and Management

Guidelines on the National Security Review of Investments

With the highly anticipated release of its Guidelines on the National Security Review of Investments, the Canadian government has finally shed some light on circumstances which may draw investors and parties involved in the investment into the realm of a national security review.

 

, , , , , , , , ,

How much cyber risk should an organization take?

I did a video with Joe McCafferty of MISTI last month. I am interested in whether you share my views. I also have some questions for you—after you watch the video.

 

, , , , , , , ,

Biometric data: What if you “lost” your fingerprint?

Biometric authentication is becoming increasingly common. Smartphones and computers use it, banks have started to use it, and recently MasterCard began rolling out “selfie pay” allowing users to authenticate online payments by using their face at the point of sale. Biometric authentication refers to the validation of a user’s identity by measuring physical or behavioral characteristics. Biometric samples may include fingerprints, retinal scans, palm scans, face and voice recognition.

 

, , , , , , ,

Blockchain and privacy: Transparency and innovation pose challenges for data protection

A blockchain is a peer network of nodes that use a distributed ledger that can be used to track transactions involving value including money, votes, property, etc. The most well-known application of blockchain technology is bitcoin. Transactions on a blockchain are not regulated by any central counterparty: the individuals involved in a given transaction provide their information (including personal information), a record is created that can be verified by nodes in the network. In this sense, the users forming the community act as their own regulators.

 

, , , ,

Why do so many practitioners misunderstand risk?

My apologies in advance to all those who talk about third–party risk, IT risk, cyber risk, and so on. We don’t, or shouldn’t, address risk for its own sake. That’s what we are doing when we talk about these risk silos. We should address risk because of its potential effect on the achievement of enterprise objectives.

 

, , ,

Copyright year in review 2016

This article highlights noteworthy Canadian copyright law decisions and developments from 2016.

 

, , , , , , , , , , , , , , ,

Selecting software to help manage user access risk

I believe software is essential in managing user access risk, not only for SOX but also for other business risks. In fact, the potential harm from inappropriate access is typically greater for other business risk (such as the possibility of disruption of activities such as revenue generation or manufacturing, reputation risk, and the protection of valuable intellectual property) than it is for SOX.

 

, , , ,

Adequacy of Canadian privacy law

Potential amendments could mean Canadian businesses receiving personal information from Europe will have more exposure to the differences in the data protection laws and enforcement regimes in the EU member states.

 

, , , , , ,

Not–for–profits and charities: 4 New Year’s resolutions

Many people feel that New Year’s resolutions are passé, particularly since so many resolutions go unachieved each year. But, a resolution is essentially a plan to tackle something of importance, and planning is often half the battle. The following are 4 resolutions that can help strengthen charities and other not–for–profits in 2017.

 

, , , , ,

CASL and private right of action

Canada has the most onerous anti–spam/anti–malware law (CASL) in the world. In less than a year, July 1, 2017, it is going to become even worse. That’s when the private right of action comes into force.

 

, , , , , , , , , , ,

Top 10 most read Inside Internal Controls posts 2016 & Season’s Greetings

We are signing off with a list of the top 10 most read Inside Internal Controls posts 2016. Privacy issues and director’s liability seem to have been hot topics this year with several blog posts on the topics making it on the list. The top 10 most read Inside Internal Controls posts 2016 Director’s liability […]

 

, , , , , , , , , , , , , , , ,

Cybersecurity best practices for connected cars

Some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These concerns were the main impetus behind the creation in the US of the Auto Information Sharing and Analysis Centre (ISAC) by a group of US automakers in July of 2014. The group allows its members to share information about threats and vulnerabilities, conduct analysis and develop industry solutions. The Auto ISAC has now released its “Automotive Cybersecurity Best Practices”.

 

, , , , , , , , , , , , , , ,

Closing your business for the holidays

The holidays are quickly approaching. However, leading to that point of unwinding can be stressful for many business owners, with the balancing of family demands and workplace year–end pressures. Regardless of such amounting pressures, businesses should not neglect their responsibilities to employees and clients before closing for the holidays.

 

, , , , ,

Previous Posts