Friday, June 11, 2010

IT Governance Expands US Offering With New ANSI Deal

IT Governance (ITG) is expanding the company’s international presence with a new deal to sell American National Standards Institute (ANSI) standards through: The standards are a vehicle for the adoption of ISO27000 standards in the US. ITG, the one-stop shop for compliance expertise, already has similar reseller agreements with leading standards bodies including IEC (International Electrotechnical Commission) and BSI (British Standards Institution). Alan Calder, Chief Executive of IT Governance, says: “We continue to grow and grow. This deal proves, yet again, that ITG offers an unparalleled range of compliance expertise, both online and in person.” ITG will particularly concentrate on selling ANSI’s IT-related standards, although the new agreement actually allows the company to sell ANSI’s entire range of standards. Calder continues: “We’ll be selling the ANSI standards both as stand-alone products and within the US versions of our very popular information security management system toolkits.

“It’s great to know that ANSI recognizes the quality of ITG USA as a distributor. I’m sure we’ll be welcoming new customers as a result of this deal. Our many established US customers already know that we offer a top-class service – a broad range of publications at industry-leading prices – through a site that is easy to navigate and use. We increasingly offer downloadable products alongside traditional hard copies, which is not only convenient, but also brings environmental benefits.”

ANSI is the voice of the US standards and conformity assessment system. The Institute oversees the creation and use of thousands of standards and guidelines that directly impact businesses in nearly every sector of US industry. ANSI is the official US representative to the International Organization for Standardization (ISO). The Institute’s mission statement is: “To enhance both the global competitiveness of US business and the US quality of life by promoting and facilitating voluntary consensus standards and conformity assessment systems, and safeguarding their integrity.”

Thursday, June 10, 2010

The Network and BDO Consulting Release the 2010 Corporate Governance Benchmarking Report

The Network, Inc. and BDO Consulting released the 2010 Corporate Governance and Compliance Hotline Benchmarking Report. The Network and BDO Consulting closely examined compliance hotline-related activity from 2005 to 2009 in order to provide a comprehensive overview of the critical ethics and compliance issues facing organizations. Following a surge of in-house fraud reporting from first quarter 2006 (10.9 percent) to first quarter 2009 (20.6 percent), fraud-related incident reporting leveled at 20.2 percent in first quarter 2010, according to the benchmarking report. Personnel management incidents, which include a variety of human resources matters, remain the leading incident category across all industries. The category also includes incidents related to wage and hour and management interaction.
“The goal of this annual benchmarking report is to identify emerging best practices for hotlines and other reporting mechanisms and to provide a framework by which readers can assess their own compliance programs,” said Luis Ramos, chief executive officer of The Network. “As the economy rebounds, many organizations worldwide are focusing on risk identification, management and mitigation to provide a strong platform for growth.” The 2010 Corporate Governance and Compliance Hotline Benchmarking Report reflects the largest pool of data to date, with 524,628 reports over a five-year period from 2005 to 2009. In 2009, 117,303 reports were pulled from 1,101 organizations with more than 13 million employees. The data is compiled from actual incidents reported by clients of The Network and was analyzed by BDO and The Network. Download this new report via The Network's web site.


Monday, June 7, 2010

ISACA White Paper Presents Top Five Social Media Risks for Business

ISACA today named the top five social media risks for business and recommended solutions to help businesses address security, customer service and corporate reputation risks raised by their employees’ use of social media—on the job and off. Developed by a team of global ISACA experts, the white paper goes beyond the traditional look at social media in the workplace to address employees’ use of social media outside of work. It also provides detailed how-to tips for effective social media governance. 
“Historically, organizations tried to control risk by denying access to cyberspace, but that won’t work with social media,” said Robert Stroud, CGEIT, international vice president of ISACA and vice president of IT service management and governance for the service management business unit at CA Technologies. “Companies should embrace it, not block it. But they also need to empower their employees with knowledge to implement sound social media governance.” Since tools like Facebook and Twitter don’t require support from the IT department, they can be introduced by a business unit, marketing team or individual employees, and bypass IT, HR and Legal. This issue is reflected in IT department attitudes—62% of respondents to the 2010 ISACA IT Risk/Reward Barometer rated the risk posed by employees visiting social networking sites or checking personal e-mail as medium or high.
“The greatest risks posed by social media are all tied to violation of trust,” said ISACA Certification Committee member John Pironti, CISM, CRISC, and president of IP Architects LLC. “Social media is built on the assumption of a network of trusted friends and colleagues, which is exploited by social engineering at great cost. That is why ongoing education is critical.” A free copy can be downloaded at

Saturday, June 5, 2010

BoardDocs Paperless SaaS Solutions Now Supported on the Apple iPad

Paperless governance market leader BoardDocs® today announced that its BoardDocs Pro and BoardDocs LT solutions are now supported on the Apple® iPad™. This support brings together two market leaders to provide BoardDocs users with an absolute best-in-class way to access BoardDocs SaaS offerings. This latest service advantage exemplifies how the Company maintains category leadership by responding rapidly as new technologies become available.
BoardDocs services are proven to save many organizations tens of thousands of dollars annually – a top priority in tough economic times when governing bodies are under the microscope for spending. User organizations also see a dramatic increase in their board’s effectiveness and in their administrative time-of-staff productivity. The low-cost and compact mobile iPad device represents an ideal match for individuals in this demanding environment. BoardDocs is the leading eGovernance provider with more than 350 organizations subscribing to its services and was named to CRN's Fast Growth Technology Companies list last year. With BoardDocs services, virtually any browser can be selected to deliver a flexible and responsive user interface. Plus, only BoardDocs supports every implementation with dedicated project management, unsurpassed on-site training and 7 x 24, toll-free, US-based technical support, included with every subscription.

Monday, February 1, 2010

IT Governance Offers Safe Route to the Benefits of Cloud Computing

IT Governance (ITG) is helping companies find the efficiencies and savings of cloud computing without putting business information at risk. Through cloud computing, a company’s IT functions are moved to an external, shared service provider and accessed over the Internet. Data is no longer stored in-house and software applications are no longer owned by the company. IT Governance’s latest book, Above the Clouds: Managing Risk in the World of Cloud Computing, explains the potential benefits of adopting this approach.

Author Kevin T. McDonald challenges the misconception that cloud computing must necessarily offer weaker data protection than an in-house server. In fact, he argues that cloud computing can help to defend an organisation from IT security threats such as denial-of-service attacks, viruses and worms. The risk management process begins when choosing a service provider. McDonald says: “You need to be confident that your business information will be secure. You need to make sure you carry out due diligence on the service provider before you entrust this firm with your vital data. The challenge for procurement professionals is determining what questions to ask, what assurances should be in the contracts and how much risk is being assumed when a service is moved to the ‘cloud’.”

McDonald says the concept of ‘outsourcing to the cloud’ is proving increasingly attractive to companies seeking to save money. “The cost is falling dramatically, which means it’s no longer rare for a company to consider cloud computing.” A company is charged for the use of software applications, and for data storage, just like being charged for electricity. In only paying for the resources used, therefore, operating costs can be reduced. After all, as McDonald explains, in-house data centres typically leave 85%-90% of available capacity idle. Visit the ITG portal for complete service details

