CIO Enterprise Newsletter
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO BlackBerry News and Tips
 CIO Research and Analysis
 CIO Microsoft
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Public Council Teleconference: Application Rationalization — Hidden Costs and Smart Decisions

November 17 at 11:00 am US/Eastern (GMT-5)

Join Honorio Padrón, of The Hackett Group, who will share the drivers for companies to tackle application rationalization and the results of research that define the hidden cost of complexity. Additionally, we will discuss key decision milestones—to start or not, holding the course steady and fulfilling expectations.

Virtual Desktop Cost-Benefit Analysis — Michael Jacobs, Catlin Group

The analysis contained in this presentation measures the cost of everything from the machines and licenses to the infrastructure for virtual vs. traditional desktop environments.

Honor your best senior team members - Apply for the CIO Ones to Watch Award

Get well-earned public recognition for your top up-and-coming team members, your IT organization and your enterprise. Award winners will be announced, publicized and feted in May 2010, great timing to help attract new IT recruits to your company.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
News Feature
 

Compliance: 10 Questions Your CEO Should Be Able to Answer

By Dan VertonThe insider threat today is not just about the security of your enterprise’s data. It’s also about knowing ...

 

November 16, 2005CIO

By Dan Verton

The insider threat today is not just about the security of your enterprise’s data. It’s also about knowing that your organization has developed the right policies and procedures to prevent inadvertent disclosures or blatant misuse of corporate computer resources from becoming a hole filled with legal quicksand.

Today’s regulatory environment is such that the stars are perfectly aligned for an example to be made of somebody—a company or government agency. And whoever the unfortunate soul is who sits atop the corporate chain of command at that time, he or she will wish they had taken the time to answer the following ten questions and implement the appropriate changes in their organization.

Question 1. What types of information must be protected by internal controls according to Sarbanes-Oxley?

Answer: Unauthorized disclosure of nonpublic data is a violation of federal securities laws. Information should be considered nonpublic if it isn’t widely disseminated to the general public, including electronic information. This information should be protected, but it should also be monitored to ensure it isn’t disclosed inappropriately.

Section 404 describes management’s responsibility for building internal controls around the safeguarding of assets related to the timely detection of unauthorized acquisition, use or disposition of an entity’s assets that could have a material effect on the financial statements. You need to demonstrate that you have the capabilities to monitor, detect and record electronic information disclosures.

Question 2. Since so much nonpublic information is communicated beyond e-mail based on the Simple Mail Transfer Protocol, how can we build internal controls to adequately detect the timely disclosure of information flowing over Web mail, chat or HTTP?

Answer: Management can’t ensure the truthfulness or accuracy of financial data if it doesn’t have the means to monitor the movement of sensitive information across the entire corporate network 24 hours a day, seven days a week.

Demand more from technology. New products are available that can monitor electronic disclosure of nonpublic information and aren’t limited to SMTP-based e-mail. These technologies can monitor, record and provide alerts on electronic disclosures by analyzing all information flowing over the corporate network from Web mail and chat to file transfer protocol and HTTP. This type of monitoring technology combined with a storage system that allows forensic searches into stored information can prove invaluable if an investigation is required.

Question 3. What are the penalties for exposing nonpublic information?

Answer: The use of nonpublic information concerning a company or any of its affiliates (a.k.a. "inside information") in securities transactions ("insider trading"), may violate federal securities laws. Penalties can include:

 
 
Loading...
 
WHITE PAPERS

Connecting Capital Planning, Construction, and Everything in Between

Finding and developing delivery efficiencies and increasing project productivity through the use of technology facilitate: proactive project management, risk management, the automation of key AEC business processes.
 

How to Accelerate ROI on Governance

Better manage GRC to focus on the strategic projects that will help your business succeed.
 

The Tripwire HIPAA Solution

Learn how Tripwire Enterprise helps meet the detailed technical requirements of HIPAA.
 

Beyond PCI Checklists: Securing Cardholder Data

How do organizations pass their PCI DSS audits yet still suffer security breaches?
 

Best Practices to Mitigate Risk

Make SOX Efforts More Effective
 

PCI Compliance

This paper explains how Red Hat technologies can meet or exceed the various requirements of PCI Compliance.
 

WEBCASTS

Enhance SAP

New research from AMR shows that SAP environments can be dramatically more efficient with the addition of document ...
 

Extending Client Refresh - 11 Steps to Maximize Savings

11 Steps to Maximize Savings
 

CIOs Weigh In On Virtualization

Date: November 19, 2009 Time: 2:00 PM EST

Jim Malone, Editorial Director of CXO Media's C...
 

Beyond Installing ITPM Software: How a global company reduced risk and successfully implemented ITPM

Hear directly from one of your peers who has reduced risk and successfully implemented ITPM in this Live Webcast. ...
 

IT Consolidation Made Easy

The Primary IT Initiative for Reducing Costs
 

Taking a Seat at the Executive Table: The Reality of Virtualization

This year, for the first time, the number of virtual machines is on track to exceed the number of physical machines...
 

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Upgrading to VMware vSphere with vWire

Maximizing website Return on Information with high-quality search

Gartner Magic Quadrant, Application Delivery Controllers 2009

Authentication as a Service by Forrester Research

Learn How Web Site Performance Impacts Shopper Behavior

Build a Foundation for Unified Communications

Removing the Barriers to IT Governance: How On-Demand Software Changes the Game

Should Your Email Live In The Cloud? A Comparative Cost Analysis

Learn about the growing threat of insider data theft.

Adobe® LiveCycle® solutions for business process automation

10 Ways Excel Drives More Value from Your SAP Investment

The Key to Proving and Improving the Value of IT to the Company

Unleash the Power of Java with Oracle JRockit Real Time

Taking the Service Desk to the Next Level

Return on Information: Google Enterprise Search pays you back. Get the facts.

VMware. The source for Business Infrastructure Virtualization.

ShoreTel tells businesses to untangle from competitors' complexity and turn to its brilliantly simple UC solution

See how AT&T can help protect your network.

Streamline IT Costs. Boost Performance with WAN Optimization.

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.

A Clear View Toward Virtualization

Return on Information: Google Enterprise Search pays you back

ROI of Application Delivery Controllers

Making Consumer Two-Factor Authentication Simple and Cost-Effective

Webcast: Unleashing the Power of Customer Data

Disciplined Autonomy: Resolving the Tension Between Flexibility and Control

Enterprise Capture: Your Onramp to Business Process Automation

Cloud Computing--What is its Potential Value for Your Company?

Seven Design Requirements for Web 2.0 Threat Protection

How Consumerization of IT Will Make Your Business More Productive

How does a software company save big with Green IT?

Translate business strategy into IT strategy and obtain maximum benefits.

eBook: How Can You Make Your People Productive Anywhere?

Mind the Talent Gap: Global Survey on IT and HR trends and challenges

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

AT&T Synaptic Storage as a Service. Expand on demand

Trend Micro ranked #1 against real-world malware. Read more.

Webinar: Jump-start your in-house e-discovery with Ringtail QuickCull from FTI Technology

Top Five CIO Challenges

Read the RSA report: Security for Business Innovation

64-page prescriptive guide to security, compliance, and IT operations.

Increase UPS efficiency without sacrificing protection.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

Virtualization Technology as a Business Solution

eZine: A Roadmap to Reducing IT Complexity