Search

In July, Capital One reported a breach that compromised the personal information for about 100 million customers. A former employee of a third-party service stole the data earlier in the year and Capital One initially discovered the theft from a tip.  While data breaches and cyber attacks are now almost routine news, this incident serves…

Guest Blog by Michael Rasmussen, Research Analyst at GRC 20/20 Research Business today is changing minute-by-minute and second-by-second. Processes and technology and their configurations are changing. Employees and their access into systems are changing as they are hired, change roles, inherit rights, and ultimately leave the organization. Transactions and vendors are changing. The pace of…

Guest Blog by: Vijan Patel, Director, Technology Consulting, Enterprise Application Services, Protiviti John Scaramucci, Associate Director, Technology Consulting, Enterprise Application Services, Protiviti Click here to read the full blog on Protiviti’s web site In today’s growing remote workforce, companies are faced with the challenge of scaling centralized authentication and user provisioning, while at the same…

It was just about a year ago that we wrote about the Capital One breach. The personal information for approximately 100 million customers was compromised. The company is still dealing with the aftermath as the Office of the Comptroller of the Currency just announced an $80 million fine. They blamed the company for failing to keep…

As part of FERF’s and Pathlock Technologies’ ongoing research into ICFR, we have created a program to automatically review all quarterly public filings and highlight those companies that have reported a material weakness. We are aggregating that information into meaningful data to show trends for you to review. Material weaknesses continued a cyclical pattern of…

Do you know what applications your employees have access to and what they’re actually doing with that access? NJ Transit is yet another organization that found out the hard way what can happen if you don’t. An NJ Transit supervisor just pleaded guilty to stealing $2.1M by creating vendors and then paying them. These vendors…

The Sarbanes-Oxley Act of 2002 (SOX) was designed to protect investors from fraudulent accounting practices at public corporations. While a win for investors, the act created an increased regulatory burden on businesses, requiring strict protections to guard against fraud. Because the cost of non-compliance with SOX can be high (e.g., reputational damage, stock drop, remediation…

Are you looking for an Identity and Access Management (IAM) solution? You’re spoiled for choices. With the IAM market expected to hit +$24 billion by 2025, vendors are eager to create Identity and Access Management solutions to meet modern security needs. In fact, there are well over a hundred Identity and Access Management solutions with…

Any meaningful endeavor is always accompanied by risk, and running a business is no exception. 40 years ago, the only industries that actively managed risk were banking and manufacturing. But in the last two decades, the nature, speed, and sophistication of both internal and external threats have increased dramatically. Much of this can be credited…