September 16, 2009 by itgrc
After 14 years working at IBM and 13 years as the Principal for the Unisys GRC business unit, James Finn will be the new VP of Risk Management at Modulo, the leading provider of IT GRC solutions.
In his new position, Mr. Finn will be responsible for the company’s new solutions focused on Enterprise Risk Management, Operational Risk, Business Continuity, Policy and Compliance, in order to enhance Modulo Risk Manager software sales in the US and meet its clients’ needs.
Considering his 27 years of experience in security and disaster recovery consulting, managing and delivering enterprise solutions, Modulo will surely raise its profit.
To read more about this, access the full article at Reuters
http://www.reuters.com/article/pressRelease/idUS238264+08-Sep-2009+PRN20090908
Vulnerability management is one of the essential components of risk management and is vital to ensuring ongoing policy compliance of critical assets. To provide a better solution, Modulo and Qualys established a partnership to integrate the Qualys Vulnerability Management and Policy Compliance solution with Modulo’s Risk Manager™, delivering comprehensive security risk and compliance management capabilities to Modulo’s global customers. To learn more about the partnership, access the full article at: http://www.reuters.com/article/pressRelease/idUS244040+13-Aug-2009+BW20090813
The 2009 Modulo GRC Meeting, the premier networking event for Governance, Risk and Compliance professionals promoted by the IT GRC solutions provider, Modulo, will take place in Rio de Janeiro, Brazil, from August 13 to 16. The event’s theme will be Integration and Collaboration. During the four-day event, executives from all over the world will share and discuss GRC best practices through panels, round table sessions, workshops and small conferences.
Among the speakers will be Venkat Raghavan, IBM’s Director of Security, risk management and compliance, Nichola Tiessenga, member of the ISACA Certification Council, and Bob Russo, General Manager of the PCI Security Standards Council.
To learn more about the event, access the official website: www.grcmeeting.com
With Fall Flu Season threatening to hit a larger number of people with a second wave of Influenza A (H1N1), organizations are increasing their efforts and investments in new and more effective IT GRC solutions, in order to better address risk and crisis management. Modulo Risk Manager™ automates the process required for minimizing the risks of contamination through a series of guidelines to prevent potential damages and losses.
Influenza A has impacted the worldwide economy: in the United States alone, the swine flu outbreak hit all 50 states earlier this spring. The potential pandemic impact in the Fall Season is worrying not only US private and public entities; the population itself is becoming increasingly concerned about the health situation in the country.
To read more about this, access the article published at Reuters
When it comes to metrics, most IT leaders find it hard to pick the right one to report to the company’s executives. That said, decisions rely on the cost of IT and how to reduce it, which leads to continuous cost reductions and limits innovation opportunities. In order to help these business decision makers, the Forrester Institute developed a white paper called Forrester’s Five Essential Metrics for Managing IT.
According to the paper, the 5 metrics to be followed are:
Alignment of IT Investments To Business Strategy
Cumulative Business Value of IT Investment
IT Spend Ratio — New Versus Maintenance
Critical Business Service Availability
Operational Health
Jason Hiner, Editor in Chief of TechRepublic, posted a video explaining Forrester’s indication.

Last week, the Internet advertising industry announced what it considers to be tough new standards for how it collects and uses data about the behavior of Internet users. The main idea is to create some guidelines in order to enhance users’ knowledge about the data related to them that is controlled by the advertisers.
Nowadays, when you visit Web sites, you’ll see many ads posted, delivered by different companies, each of which can collect information about where you are surfing, trade that data with other companies and use it to show you ads on different sites. Some ideas have already been rejected, but could be a good way to inform Internet users about ad targeting and give them better controls, such as the following: self-explanatory ads; better visibility of the data collected about the user; browsers that help enforce user choices about tracking; and recognition that some information is too sensitive to track.
A report signed by the consulting firm Lord & Benoit, based on the financial reports of 415 publicly held insurance companies over 5 years, showed many weaknesses in internal controls, problems that have to be solved in order to comply with various SOX-type provisions. According to the text:
“Proper accounting for income taxes, including the allocation of its income tax provision (benefit) among income from continuing operations and other comprehensive loss, and significant audit adjustments and segregation of duties.
Further deficiencies included accounting of insurance policy benefits, liabilities for insurance products, value of policies enforced at the effective date, revenue recognition, actuarial reporting processes and recording of certain reinsurance transactions with affiliated companies. Reportable IT weaknesses included access to information technology applications and infrastructure, unauthorized users, lack of policies and procedures governing information technology, security, and logging and monitoring of servers and databases.”
To read Melissa Aguilar’s full article, access her blog at Compliance Week
For further information on the weaknesses in ICFR among insurers, access the full Lord & Benoit report: http://www.section404.org/UserFiles/File/Lord%20%20Benoit%20Report%20NAIC%20Model%20Regulation.pdf
The PCI Security Standards Council (PCI SSC) is requesting feedback from organizations on its payment industry guidelines to help the institution in the development of the new version of the Payment Card Industry Data Security Standard (PCI DSS). PCI SSC is providing a form, which should start to be distributed electronically to its members this Wednesday (July 1st).
All the comments received through this online tool will be used to gather information for revising the future edition of the standard, which may be released in the Fall of 2010.
New compliance rules will have a major impact on the second half of 2009. Changes to state data protection laws or major cybersecurity or smart-grid initiatives will be some of the regulatory compliance trends for 2009. A number of directions for regulatory reform, including the formation of a “council of regulators”, were suggested by Luis Aguilar.