-
Technology Service Providers and the new SOC reports
What do all of the 2012 changes to the IT Examination Handbooks have in common? They are all, directly or indirectly, related to vendor management. I had previously identified vendor management as a leading candidate for increased regulatory scrutiny in 2012, and boy was it. (Not all of my 2012 predictions fared as well, I’ll…
-
Risk Assessing iCloud (and other online backups) – UPDATE 2, DropBox
Update 2 (8/2012) – Cloud-based storage vendor DropBox confirmed recently that a stolen employee password led to the theft of a “project document” that contained user e-mail addresses. Those addresses were then used to SPAM DropBox users. The password itself was not stolen directly from the DropBox site, but from another site the employee used. …
-
2012 Compliance Trends, Part 5 – Uncertainty (UPDATE)
Similar to my previous post on Risk Assessments, I believe Uncertainty is also a 2-part trend: – Uncertainty about future regulatory changes, and – Uncertainty about the interpretation of existing regulations
-
2012 Compliance Trends, Part 2 – Vendor Management
In my first post in this series I discussed training (employee and customer) as a good candidate for increased regulatory scrutiny in 2012. Although these posts are in no particular order, I had initially intended to list “Management” as the next trend. However a comment made to me by a banker at a recent conference…