First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Cybersecurity

Biometric data: What if you “lost” your fingerprint?

Biometric authentication is becoming increasingly common. Smartphones and computers use it, banks have started to use it, and recently MasterCard began rolling out “selfie pay” allowing users to authenticate online payments by using their face at the point of sale. Biometric authentication refers to the validation of a user’s identity by measuring physical or behavioral characteristics. Biometric samples may include fingerprints, retinal scans, palm scans, face and voice recognition.

 

, , , , , , ,

Not–for–profits and charities: 4 New Year’s resolutions

Many people feel that New Year’s resolutions are passé, particularly since so many resolutions go unachieved each year. But, a resolution is essentially a plan to tackle something of importance, and planning is often half the battle. The following are 4 resolutions that can help strengthen charities and other not–for–profits in 2017.

 

, , , , ,

Cybersecurity best practices for connected cars

Some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These concerns were the main impetus behind the creation in the US of the Auto Information Sharing and Analysis Centre (ISAC) by a group of US automakers in July of 2014. The group allows its members to share information about threats and vulnerabilities, conduct analysis and develop industry solutions. The Auto ISAC has now released its “Automotive Cybersecurity Best Practices”.

 

, , , , , , , , , , , , , , ,

Cybersecurity: CSA issues new guidance

Cybersecurity is top of mind for corporate boards and securities regulators alike. On September 27, 2016, the Canadian Securities Administrators (CSA) issued CSA Staff Notice 11-332 – Cyber Security (2016 Notice). The 2016 Notice updates the CSA’s previous notice on the same topic, CSA Staff Notice 11-326 Cyber Security for reporting issuers, registrants and regulated entities.

 

, , , , , ,

Public Safety Canada calls for submissions on new national cybersecurity strategy

On August 16, 2016, Public Safety Canada (“PSC”) issued a consultation paper, launching a public consultation as part of PSC’s development of an updated national cybersecurity strategy. The consultation will close on October 15, 2016. Businesses may want to consider making submissions in respect of some key questions posed around possible regulation or standard-setting regarding Internet of Things and connected devices, certification for E-commerce activities, and information sharing (especially in respect of critical infrastructure).

 

, , , , , , , , , , , , , ,

Internal audit and cyber risk

Deloitte has published good work. One of my favorites is their risk-intelligent white paper series. Recently, they released Cybersecurity and the role of internal audit. It has both superior and inferior advice. Let me walk through it.

 

, , , , , , , , , ,

Hospital privacy breach results in OSC laying charges

The Ontario Securities Commission has announced a series of criminal and quasi-criminal charges following an investigation related to the misuse of confidential patient information from the Rouge Valley Health System and the Scarborough Hospital.

 

, , , , , , ,

Cybersecurity in the boardroom: The new reality for directors

Not long ago, cybersecurity was a term rarely, if ever, heard in the boardroom. Rather, information security was deemed to be a risk managed solely by the chief information or technology officer. Those days are gone. With the litany of high profile cybersecurity hacks—and the potential resulting drop in shareholder value, regulatory inquiries and litigations which inevitably follow—cybersecurity has become an increasingly challenging risk that boards must address.

 

, , , , , , , , , ,

Good cybersecurity means good info governance

Cybersecurity: the word conjures up images of software engineers in lab coats feverishly analyzing cryptographic code in an effort to thwart an attack from a country somewhere on the other side of the globe. Seemingly daily reports of major data breaches are now coupled with warnings about a cybersecurity “talent gap,” meaning that there is […]

 

, , , , , , , , , , , , , , , , , , , , , , , , , , , , ,