Apr. 2006  |  Issue #10
 

Accume Partners is pleased to share the most up-to-date banking industry news and information with our clients through our monthly newsletter, eFocus on Banking.

We hope you find it useful, and appreciate your input. Send comments and suggestions to our editor, Mark Benner.


 

This Month's Focus...


The Quality Standard: A Matter of Choice

This is decision time for many internal audit departments to determine whether they will voluntarily take up the task of the Quality Assurance Review (QAR) prescribed in Standard 1312 by the Institute of Internal Auditors (IIA). By determining your expected outcomes from the review process, and considering the distinct advantages of each alternative for complying with the standard, you can select the best approach for keeping your organization compliant.


Information Technology

The metrics of IT: Management by measurement, TechRepublic
The days of managing by instinct are not completely gone, but that approach must be supplemented by other methods and quantifiable measurements. When it comes to IT, the three Ms (metrics, monitoring, and measuring) are more important than ever.

The Top 10 Information Security Myths, Bank Systems & Technology
This article addresses and dispels some commonly held IT security beliefs that may be at play within your organization.

Improving Online Banking Authentication, TowerGroup Research
Increased consumer awareness coupled with lower-cost and more user-friendly authentication methods will allow banks to more effectively combat new types of fraud.

Keep Bank Customers Online - Counter ID Theft Fears, BankInfoSecurity.com
A recent survey documents the impact of identity theft concerns on consumer online behavior. The decline in online usage rates is being met with efforts to deploy secure transaction-based applications in the intensely competitive banking and financial services sector, where online services are a critical customer component.

Banks Hit with New Spoofing Attacks, PCWorld.com
In a recent phishing scam, online customers of three Florida banks were redirected to a bogus server and asked to enter credit card numbers and other sensitive data. Hackers had made changes to the legitimate bank sites, making the scam much harder to detect.

Defining adequate security controls, SearchSecurity.com
Since the adoption of Sarbanes-Oxley, security practitioners have been asking what it means to establish and maintain “adequate internal controls.” The only way to successfully meet the compliance criteria is to set the bar for authentication and access controls as high as the technologies and products available today allow.

Users the Weak Link in Security, BankInfoSecurity.com
An IBM study finds cyber-criminals are targeting employees to execute their attacks. Experts say that computer users continue to be the weak link in corporate security.

Ducking a bullet over data encryption, TechRepublic
Financial institutions heave a sigh of relief after a court ruling that Gramm-Leach-Bliley does not prohibit an employee from working with sensitive data on a laptop computer in a home office, nor does it require personal information on the laptop to be encrypted.

The Next Generation of Phishing Attacks, Bank Systems & Technology
Strong authentication at login is important, but is not sufficient anymore. In redirection attacks, scammers increase the duration of phishing attacks by redirecting victims to sites that are still live, even after others have been discovered and shut down.

Choosing a remote access authentication scheme, TechRepublic
As your organization grows, the number of remote access users is likely to grow. Managing authentication for a large number of users can present security challenges; and the choices you make have implications for ease of administration and security.

CSOs Reveal Business Continuity, Resiliency and Disaster Recovery the Top Security Business Concern, BankInfoSecurity.com
CSO Magazine’s bi-annual survey of chief security officers reveals their top-ranking priorities in 2006. Number one: business continuity, resiliency, and disaster recovery.




Internal Audit

Seven Habits of Highly Effective Compliance Programs, TechRepublic
The USSC (U.S. Sentencing Commission) guidelines provide a commonsense framework around which organizations can structure their compliance management program. Using the guidelines, Forrester has integrated research and experience on compliance best practices.

Three Important Trends in Data Security for Compliance, Auditing & Risk Management
What does the broad, patchy regulatory landscape mean for an organization's data-related compliance efforts in addressing three of the most common compliance challenges: the continued push to automate processes, the struggle to understand and satisfy unclear regulations, and the requirement to provide a usage audit trail for sensitive data?

When Pressing the "Send" Button Leads to Legal Liability, TechRepublic
This white paper examines the impact of key industry regulations on e-mail security including the Gramm-Leach-Bliley (GLB) Act, the Sarbanes-Oxley (SOX) Act and the Health Insurance Portability and Accountability (HIPAA) Act. Free registration required.

PATRIOT: Compliance Is Now Everyone's Concern, CIO
Globally applied compliance initiatives are already a reality. The recent renewal of the USA PATRIOT Act in perpetuity means that all U.S. companies, as well as countries wishing to do business with the U.S., will be required to comply with the law on a permanent basis.

Is There A Digital Vault In Your Future, Sarbanes-Oxley Compliance Journal
As auditors become savvier about IT security practices, more businesses are being warned that existing safeguards are not up to par. Digital Vaults offer protection against internal and external threats, securing information while in storage and during transmission.

7 Tips for Effective Listening, The Institute of Internal Auditors
Effective listening may be an auditor’s most crucial skill. Internal auditors who use "active" listening will likely become much better listeners and engage in more efficient and effective communication. Free registration required.



Risk Management

Making a business case for ERM, Rough Notes
Using a value-based approach to ERM allows companies to express risk in terms of the current and potential impact on the value of the enterprise.

How to implement an effective risk management team, SearchSecurity
The overall goal of information risk management (IRM) is to ensure that the company is protected in the most cost-effective manner. This installment of the Risk Management Guide describes roles and responsibilities of an IRM team.

Reinventing the CFO: Use a Rolling Forecast to Spot Trends, Harvard Business School Working Knowledge
Given the instability of business, managers need a more nimble measurement system to help them make faster, well-informed decisions. This excerpt from the new book, Reinventing the CFO, explains how to make forecasts realistic and effective.

Always Vigilant, Always On: Embedding IT Risk Management in Your DNA, DMReview.com
Downtime and data loss are extremely costly in today's competitive business environment, where critical applications depend on IT. The toughest job may be instilling business continuity, availability, and security into your corporate culture.

Nine Steps to Prevent Merger Failure, Harvard Business School Working Knowledge
Most mergers fail at the execution stage. To avoid these execution-related failures, you need a program integration team early in the process that can respond to the "nine deadly sins" – execution risks inherent in all transactions.

Risk management: A board issue yet? Rough Notes
Three years ago, only one in ten boards spent more than 10% of their time on formal risk management. Today, that percentage is almost 40%. Complete results are provided for one of the first international surveys to study just how far the topic of risk has risen on the board’s agenda.

Risk Management Requires 'Greater Conservatism', Bloomberg.com
New financial instruments and product trends have changed the nature of risk for banks and financial institutions, which must apply “more care and attention and greater conservatism” to the practice of risk management, according to New York Federal Reserve Bank President Timothy Geithner.



Sarbanes-Oxley

The Real Value in Sarbanes-Oxley, Harvard Business Review 
Smart companies are finding unexpected benefits in Sarbanes-Oxley (SOX) compliance. This article discusses the big control gaps that early Sarbanes-Oxley compliance efforts uncovered, and how companies are using SOX requirements to their advantage.

A Burden with No Benefit? Wall Street Journal
The Securities and Exchange Commission now appears less likely to allow small companies to be exempted from Sarbanes-Oxley rules on internal controls.

Audit Fees Drop, for Some, CFO.com
Companies registered a 0.6 percent dip in audit and audit-related fees, and a 7.4 percent drop in total fees according to new data released by Compliance Week.

Listen to your CFO, FederalTimes.com
The heightened accountability that Sarbanes-Oxley brought to the private sector has moved to the government’s operations with the issuance of revised OMB Circular A-123.

SOX and Incentive Compensation Management, Sarbanes-Oxley Compliance Journal
Since Sales and Cost of Sales can have a significant impact on a company's statement of earnings, incentive compensation management is a business process with strong exposure for companies seeking to reduce their risk of non-compliance.

Time to Reform Sarbanes-Oxley, The American Spectator
Some liken the disproportionate impact of Sarb-Ox’s notorious Section 404 on smaller companies to airline security, where respectable citizens have to take their coat, belt, and shoes off.

Study Reveals Adoption of SOX Standards by Private Organizations as Best Practices, Foley & Lardner
Private and non-profit organizations are continuing to adopt aspects of the SOX Act as a set of best practices.

A Small Uproar over 404, CFO.com
To date, only two CFOs, from small companies, have voiced complaint over Section 404 in the formal public comments related to the upcoming SEC roundtable on the internal-controls provision, scheduled for May.

The Right Combination for Sustaining Sarbanes-Oxley Compliance, BetterManagement.com
Sustained SOX compliance is a journey, not a "once-and-done" effort. It takes the right combination of people, processes, and technology starting with harnessing the best people in the company to manage the effort.

Death by A Thousand Cuts, Sarbanes-Oxley Compliance Journal
Most organizations probably do not see the dangers of compliance breakdown as they are taking place because they are looking for something on a catastrophic level, when, in reality, a breakdown is usually preceded by many smaller incidents.

The intersection of Sarbanes-Oxley and insider threats, Computerworld
There is a growing trend for information security budgets to be shared between traditional security projects and compliance-related agendas since the consequences of a security breach parallel many of the concerns around Sarbanes-Oxley.

