Network, Systems and Data Security
December 4, 2019 Apolone Gentles, JD, CPA, CGA, FCCA, BSc (Hons) Accounting Systems and Controls, Backup and Disaster Planning, Board of Directors, Process and Responsibilities, Business and Legal Issues, Charities, Cyberlaw, Internet Law, E-Commerce, Fraud and Corruption, IT, Privacy and Security, Leadership and Management, Mobile Device Management, Network, Systems and Data Security, Not for Profit, Privacy Compliance and Management, Social Media/Social Networking, Systems and Data Management,
Not-for-profits have numerous opportunities to leverage information technology (IT), from social media to cloud computing and beyond.
Baseline security controls, cloud computing, CyberSecure, CyberSecure Canada, Cybersecurity, passphrases, passwords, phishing, SOC 3
December 2, 2019 Norman D. Marks, CPA, CRMA Backup and Disaster Planning, Business and Legal Issues, Cyberlaw, Internet Law, IT, Privacy and Security, Leadership and Management, Network, Systems and Data Security, Privacy Compliance and Management, Sales, Marketing and Operations, Systems and Data Management,
A couple of recent pieces shed some light, some amazing light, on how cyber-related risk is perceived by executives and the board.
cyber, cyber risk, cyber security, Cyber threats, enterprise risk-based approach, risk management, risk-based approach to cybersecurity
November 25, 2019 Norman D. Marks, CPA, CRMA Accounting Systems and Controls, Backup and Disaster Planning, Business and Legal Issues, Corporate Governance, E-Commerce, Finance and Accounting, Fraud and Corruption, IT, Privacy and Security, Leadership and Management, Network, Systems and Data Security, Sales, Marketing and Operations,
Only when the business impact is understood does it make sense to get into the details of which risks to which information assets should be mitigated and how.
cyber breach, cyber risk assessment, mitigating risk, risk assessments, risk evaluation, risk heat maps, risk to objectives
November 4, 2019 Norman D. Marks, CPA, CRMA Backup and Disaster Planning, Budgeting and Auditing, Business and Legal Issues, Corporate Administration, Corporate Governance, E-Commerce, Finance and Accounting, Fraud and Corruption, IT, Privacy and Security, Leadership and Management, Mobile Device Management, Network, Systems and Data Security, Privacy Compliance and Management, Sales, Marketing and Operations, Systems and Data Management,
There’s another useful article on Forbes. “How to talk to the board about cybersecurity” is written by an experienced CIO, John Matthews. Here are some useful excerpts with my highlights:
breach notification, breach prevention, cyber risk, cyber security, Cybersecurity, cybersecurity risks, risk management policy, risk of a breach, risk of data breaches
October 1, 2019 Norman D. Marks, CPA, CRMA Backup and Disaster Planning, Budgeting and Auditing, Business and Legal Issues, Corporate Governance, E-Commerce, Finance and Accounting, IT, Privacy and Security, Leadership and Management, Network, Systems and Data Security, Sales, Marketing and Operations,
There’s an interesting article in the Harvard Law School Forum on Corporate Governance and Financial Regulation. “What the Capital One Hack Means for Boards of Directors” has some interesting insights that merit the attention of risk, cyber, audit, and governance practitioners.
corporate governance, cyber attack, cyber defence, cyber prevention, cyber risk, cybercrime, Cybersecurity, digital interconnectivity, financial regulation, risk management
September 27, 2019 McCarthy Tétrault LLP Accounting Systems and Controls, Business and Legal Issues, Corporate Governance, Cyberlaw, Internet Law, E-Commerce, Finance and Accounting, Financial Compliance / Planning / Management, Fraud and Corruption, IT, Privacy and Security, Network, Systems and Data Security, Privacy Compliance and Management, Records Management and Retention,
FATF issues guidance on virtual assets
Anti-money laundering, FATF, Financial Action Task Force, Internal Controls, virtual assets, virtual currency
September 16, 2019 Norman D. Marks, CPA, CRMA Backup and Disaster Planning, Business and Legal Issues, IT, Privacy and Security, Leadership and Management, Mobile Device Management, Network, Systems and Data Security, Sales, Marketing and Operations, Systems and Data Management,
It is not sufficient to say that cyber risk is high, medium, or low. The leaders of the organization need to be able to figure out what is the right level of resources to allocate to cyber defense and response; what is the right level of attention at board and executive committee level; and what should be communicated to shareholders and others.
cyber defence, cyber risk assessment, cyber risk management
September 13, 2019 McCarthy Tétrault LLP Accounting Systems and Controls, Business and Legal Issues, Finance and Accounting, Fraud and Corruption, IT, Privacy and Security, Network, Systems and Data Security, Privacy Compliance and Management, Records Management and Retention,
On July 10, 2019, final amending regulations were issued amending each of the existing regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.
cross-border currency transfers, electronic funds transfers, foreign money services businesses, money laundering, prepaid cards, Proceeds of Crime (Money Laundering) and Terrorist Financing Act, virtual currency
September 4, 2019 Apolone Gentles, JD, CPA, CGA, FCCA, BSc (Hons) Business and Legal Issues, IT, Privacy and Security, Mobile Device Management, Network, Systems and Data Security, Privacy Compliance and Management, Software Acquisition, Implementation and Maintenance, Systems Acquisition, Maintenance and Disposal, Uncategorized,
Organizations often make the mistake of considering the disposal of hardware only when they are ready to discard equipment, if at all. Instead, they should plan for hardware disposal throughout the entire systems development lifecycle, from acquisition and testing through to operations.
Apolone Gentles JD CPA CGA, COBIT 2019, degaussing, disposal of hardware, hardware disposal, Internet of Things, IoT, IT asset disposal, ITAD, managed assets - BAI09.03 Manage the asset life cycle, National Institute of Standards and Technology, NIST, sanitization, Special Publication 800-88 Revision 1
August 12, 2019 Norman D. Marks, CPA, CRMA Backup and Disaster Planning, Business and Legal Issues, IT, Privacy and Security, Leadership and Management, Network, Systems and Data Security,
The experts continue to bombard us with their advice, insight, and guidance for addressing cyber.
cyber, cyber exposure, cyber risk, cyber risk assessment, cyber risk management
July 22, 2019 Norman D. Marks, CPA, CRMA Backup and Disaster Planning, Business and Legal Issues, Corporate Administration, IT, Privacy and Security, Network, Systems and Data Security, Privacy Compliance and Management, Sales, Marketing and Operations, Social Media/Social Networking,
“Facebook Data Exposure Offers Critical Lesson for Internal Auditors” makes some good points, including:
data collection, data integrity, data management, data management best practices, data mining, data sharing, internal audit, strategic risk management
July 19, 2019 McCarthy Tétrault LLP Accounting Systems and Controls, Budgeting and Auditing, Business and Legal Issues, Finance and Accounting, Financial Compliance / Planning / Management, Fraud and Corruption, IT, Privacy and Security, Network, Systems and Data Security,
While the right financing structure can be a critical advantage to any cannabis-related business, it is also important to remember that there are legal considerations involved, including in respect of anti-money laundering (AML) matters.
Anti-money laundering, cannabis, FINTRAC, Proceeds of Crime (Money Laundering) and Terrorist Financing Act
July 8, 2019 Norman D. Marks, CPA, CRMA Accounting Systems and Controls, Backup and Disaster Planning, Budgeting and Auditing, Business and Legal Issues, Corporate Administration, Corporate Governance, Finance and Accounting, Financial Compliance / Planning / Management, Fraud and Corruption, IT, Privacy and Security, Leadership and Management, Network, Systems and Data Security, Privacy Compliance and Management, Sales, Marketing and Operations,
Internal audit can assist management by facilitating a fraud risk assessment. Management should make the decision both on the level of risk and whether it is acceptable. Internal audit can provide their opinion and advice on both.
enterprise objectives, enterprise risk management, fraud detection, fraud prevention, fraud risk, fraud risk assessment, fraud risk factors, fraud-prevention controls, risk management, risk to objectives
June 24, 2019 Norman D. Marks, CPA, CRMA Accounting Systems and Controls, Backup and Disaster Planning, Business and Legal Issues, Corporate Administration, Corporate Governance, Finance and Accounting, IT, Privacy and Security, Leadership and Management, Network, Systems and Data Security, Systems and Data Management,
A cyber breach can affect an organization in many ways, from trivial to devastating. There is a range of potential effects, each with its own likelihood.
cyber attack, cyber breach, cyber risk, Cyber threats, cybercrime, Cybersecurity, Data breach, enterprise objectives
June 10, 2019 Norman D. Marks, CPA, CRMA Accounting Systems and Controls, Backup and Disaster Planning, Budgeting and Auditing, Business and Legal Issues, Corporate Administration, Corporate Governance, Finance and Accounting, IT, Privacy and Security, Leadership and Management, Network, Systems and Data Security,
I am planning a meeting with the CRO from a company during which I had planned to share some of the principles of effective risk management, based on what is considered world-class, and the governance of risk management by the board.
governance plan, governance practices, performance management, risk culture, risk management, risk management strategy, risk to objectives, strategic objectives