Why is Technology GRC so difficult? “There are only two types of companies: those that know they’ve been compromised, and those that don’t know.” I am sure you have heard some variation of this quote variously attributed to John Chambers (former CEO of CISCO) or to Dmitri Alperovitch (formerly of McAfee) So, why is it […]
Why do Enterprises Struggle with Technology Compliance? In the last year, I have talked to leaders such as CXOs, VPs, Technology Heads and CISOs in medium and large organizations to understand how they track and establish if they are doing all they should be doing to secure their Technology assets. The topic of discussion was […]
As a provider of software solutions and in recent years hosting them on the cloud, we follow security standards diligently. In fact, that is a part of our deliverables to our customers. This write-up comes from the experience of being responsible for the security of our own information assets and those of our customers’. Ensuring […]
In IT compliance, control over data sharing is a major preventive step against accidental or intentional data breaches. Here are a couple of cases that could have been avoided with better control over data sharing. Roger Duronio was a UBS Wealth Management systems administrator. In 2006, he used a “logic bomb” to damage the company’s […]
Major public-facing companies have fallen victim to unauthorized individuals gaining access to sensitive data. Here are three famous cases which describe on the result of an authorized person gaining access or someone not being careful while granting access to the most sensitive data. Case 1 – Pennsylvania Department of Education — mis-assigned permissions In February 2018, […]
How is it that when I buy insurance or make a financial transaction, I immediately begin receiving contacts from companies offering similar products and services? They know me, my email ID, and sometimes my phone number. Is it an example of data or information theft? An insider theft? How many times do we hear about […]
Compliance has a cost. But non-compliance can be costlier. It could run into millions and billions as in the case that Ford Motor Co. is currently fighting. Ford Motor Co. said in June 2021 that it could face up to $1.3 billion in penalties in a long-running dispute over import duties paid on Ford Transit […]
In the last blog, I have covered Impact of Data Protection and Data Localization Regulations, one of the key trends unfolding across multiple geographies. There is one more trend slowly and silently taking the central stage, and will dictate how and where the companies need to focus in the next decade. The business world will […]
“Change is the only constant in life.” – Heraclitus. The Greek Philosopher’s words aptly apply to compliance as well. The latest developments in compliance are no less than paradigm shift. I have written about the impact of 2018 EU GDPR regulation in one of my previous blogs. GDPR has forced many companies to change their […]
In the previous two blogs we saw how Protection of Rights and Economic rationales influence public policies and compliance regime. In addition to these two reasons, companies set certain internally designed business policies for the betterment of the business. An example to internal compliance is when the accounts department follows the company’s policy and reconciles […]
“We welcome regulations and are very happy to comply!” rarely said any business leader ever. Often compliance is seen as unnecessary burden, and sometimes, it is felt to be detrimental to the growth of business. Some of the key questions around compliance come to our mind: Why compliance is needed? Who is protected and safeguarded […]
