Blog

What does Cyber Security Information look like?

• New threats:
• A Leading indicator of Risk...Threats are all around us, why count them?
  • What haven't we seen before -what we don't know can hurt us
  • Are new threats arriving faster?
  • Is the pattern normal?
• Security backlog:
• Identify - Protect - Detect - Respond - Recover...Repeat!
  • A workload measure - how much work is there for my security operations team?
  • Is the "haystack" of events becoming overwhelming?
  • How well is the capacity of my team being utilized?

• Defen

Five key areas of risk in related to CLM:

• Can you quickly search, locate and track your agreements or report on key data points?  (On average, companies use 5% of their revenue as costs of CLM)
  • Secure, central repository
  • Capture contract type centric data
  • Report on key data points
• Key dates and obligatiions
  • Proactive email alerts.
  • Action item tracking.
  • Calendars and to do lists.
• Business rules and compliance
  • Create business rules and workflows.
  • Analyze requirements and KPI's.
  • Uncover bottlenecks while impro

Internal Audit (IA) is uniquely positioned to use its cross functional / external perspective to provide strategic guidance to the business while balancing the need to perform its traditional work.

Align IA with the most significant business risks:

• Lead the enterprise wide business risk assessment focused on business risk, not solely financial statement or auditable risks.
• Keep the business risk assessment refreshed with emerging risks and business changes.
• Set the audit plan to address highest pote

The Here and Now:

Cyber-attacks

Regulations

Around the Corner:

Talent avaialbity

Fiscal crises, sustainability demands and social instability

On the Horizon:

Climate change, water crises, large scale involuntary migrations.Emerging technologies

Strategy is about making choices.  Think about:

What creates Value in your organization?

How is value Captured?

How is Strategy set, communicated and executed?

What is the actual Attitude towards risk management?

Does the organization's Culture support a strategic ris

Ransomware thieves sure know how to pick their victims—institutions that store loads of highly critical data that they need on a daily basis, that without—even just 24 hours without—can have crippling effects. This form of cybercrime is growing by leaps and bounds.

Recently a ransomware attacker struck the network of the University of Calgary. An article at arstechnica.com says that the institution’s IT experts have made some headway in isolating the ransomware infection and making some restorati

Technology / Cyber Threat Detection:

Solution:  Software that aids in detection that is sophisticated, bidirectional, real time and predictive.

How do we gauge the solution's efficacy?  Look at a number of solutions and triangulate among them; look at number of actual events versus false positives.  

Lessons learned:
Detection:  Data vs intelligence
Accuracy:  No or minimal false positives
Accountability
Actionable
Simple and Customizable Rules Management
Response time and SLA

Last year, we blogged about how to develop a successful ERM program. An important goal is fostering a risk-based company culture. This means everyone, not just the appointed risk managers, assimilates risk awareness and works it into their job description. That said, there are many factors that contribute to a healthy, risk-managing culture.

One of those factors is board support. We often stress that “front-line” employees (who oversee everyday activities) are a vital yet often overlooked resour

If you have a strong password for your Amazon account, you may still want to consider beefing up the security with two-factor verification (or authentication), which will prevent a thief from accessing your account (which is possible if he gets ahold of your password and username somehow).

• Log onto your Amazon account.
• Have your mobile phone with you.
• Click “Your Account.”
• Scroll down where it says “Settings—Password, Prime & E-mail.”
• Click “Login & Security Settings.”
• Go to “Change Account Settings”

I recently authored a whitepaper for the Society of Actuaries 2016 Risk Symposium, exploring the strategic value of risk management.

Here is the Abstract:  

Many top-performing businesses aren’t just risk aware, but rather risk intelligent. Such a posture helps prepare companies for a major event and can demonstrate to a regulator or auditor that an appropriately strong control framework is in place.

Better still, companies gain real strategic value from a “risk adjusted” understanding not only of

Let’s cut to the chase:

• Regularly back up the phone’s data! If this is done every day, you won’t have to worry much about losing important information if something happens to the phone—such as a ransomware attack.
• Keep the phone’s software and applications updated.
• Delete apps you no longer use, as these can reveal your GPS coordinates and garner data about you.
• Never post about your vacation while you’re on vacation.

But there’s more:

• Employ the device’s password-protect function (which may even be a

Ever peruse Craigslist for a new home? Nothing against Craigslist for doing that, but that’s where Coty Houston and David Yost happened to find a very alluring four-bed home for sale; looked perfect for their five young kids.

Then they all got squashed by a bomb: The man who sold it to them was not a licensed Realtor. Matthew Boros, however, used to be a real estate agent, but he never renewed his license. But this time, he had climbed through the house’s window (after placing an ad for it on Cra

Considering the current climate is loaded with regulatory and market changes, funds transfer pricing frameworks must be adapted in such a way to account for this without losing competitive edge. In order to optimise the practice of FTP, banks need to understand how it can be implemented alongside evolving regulations and market changes. This marcus evans conference will show banks how to shape their FTP methodologies according to regulations such as the liquidity and capital regulations and appl

Considering the current climate is loaded with regulatory and market changes, funds transfer pricing frameworks must be adapted in such a way to account for this without losing competitive edge. In order to optimise the practice of FTP, banks need to understand how it can be implemented alongside evolving regulations and market changes. This marcus evans conference will show banks how to shape their FTP methodologies according to regulations such as the liquidity and capital regulations and appl

IRS

• The e-mail (or phone call) says you owe money; if you don’t pay it immediately, you’ll be put in jail or fined.The scammer may know the last four digits of the victim’s Social Security number.
• Caller ID will be spoofed to look like the call is from the IRS.
• The e-mail will include an IRS logo and other nuances to make it look official.
• The scammer may also have an accomplice call the victim pretending to be a police officer.
• The victim is scared into sending the “owed” money—which goes to the thi

The days of using a computer to access your bank account, using a password, may be coming to an end, to be replaced entirely (as some experts believe) with a fingerprint or face scan using a smartphone.

The smartphone employment of such biometrics will drastically reduce hacking incidents, but will be problematic for those who do not own a mobile device. Major banks are already offering the fingerprint scan as a login option.

Other biometrics currently in use by banks are the eye scan, facial reco

Entrepreneurs can successfully plan, launch and manage their own Regulation Crowdfunding campaigns and extend those campaigns beyond the reach of Title III of the Jumpstart Our Business Startups (JOBS) Act.

“Regulation Crowdfunding has significantly leveled the playing field for raising capital, but it has serious limitations,” said Timothy Daniel Hogan, CEO of Commonwealth Capital.  “For example, a company seeking capital through Regulation Crowdfunding can only use Regulation Crowdfu

Malevolent advertising is called malvertising. The “ad” is placed on a website by cybercriminals who want control of your computer for financial gain.

And the real scary thing about malvertising is that these trick-ads have appeared on trusted, popular websites like the Weather Network, BBC, NFL and the New York Times.

Oh, and it gets worse: The malicious ad can be hidden, unseen by the site visitor, thanks to a special html code that allows the bad ad to be inside legitimate content. This trick-c

Our team at RiskMinds Live uncover the burden of a principles-based regulation, BCBS-239, with Krishnan Ranganathan ahead of this year’s RiskMinds Asia conference in Hong Kong this October…

What is BCBS-239?

During the financial crisis, banks were unable to understand quickly and accurately their overall exposures and other risk metrics having a bearing on their key risk decisions. In January 2013, BCBS-239 was introduced as a principles-based regulation to address this issue and improve the risk