Blog

Use Continuous Monitoring Solutions to Quantify Actual Risk Exposure

Guest Blog by: Vijan Patel, Director, Technology Consulting, Enterprise Application Services, Protiviti; John Scaramucci, Associate Director, Technology Consulting, Enterprise Application Services, Protiviti. In today’s growing remote workforce, companies are faced with the challenge of scaling centralized authentication and user provisioning, while at the same time managing […]

360° Control Automation, Monitoring & Enforcement

Guest Blog by Michael Rasmussen, Research Analyst at GRC 20/20 Research. Business today is changing minute-by-minute and second-by-second. Processes and technology and their configurations are changing. Employees and their access into systems are changing as they are hired, change roles, inherit rights, and ultimately leave the organization. Transactions and vendors are changing. The pace of […]

Managing Insider Threats

By Jasmine Chennikara-Varghese, Greenlight Technologies. Employees are perhaps one of the most challenging security risks to the modern business landscape. Insider threat comes from those authenticated and authorized users performing potentially damaging activities from within your trusted landscape. While keeping the bad guys out is critical, the insider threats are harder to discern and happen […]

Cooking the Books Instead of Pastries

It’s like you become a little kid again when you walk into a café and take a look at the wide assortment of pastries and cakes behind the display cases. Eyes widen… stomachs growl… thoughts of calories go out the window. The last thing going through your mind is the accounting practices at the café […]

Bigger Isn’t Always Better… Just Ask Yahoo!

If you’re concerned about information security, you’re well aware of the Yahoo breach. Although the breach occurred in late 2014, Yahoo and its users started feeling the ramifications in September. The company confirmed that data from at least 500 million user accounts were stolen, including names, email addresses, […]

Implementing Controls for Exceptional / Super User Access

It is not possible to eliminate all access policy conflicts where exceptional access needs to be granted to users to support business requirements. Emergency access enables a business or IT personnel to resolve problems in a timely manner within key business operating and transaction systems. When these situations occur, […]

Continuous Monitoring & Automated Policy Enforcement – Moving Beyond Detective IT Controls Without Restricting The Business

Is it better to implement a preventative or detective control environment that can identify and determine the correction to a control violation? Well, that depends. Which would you rather sell to management, the prevention or the cure? But remember […]

CFO Perspective: Reducing the Cost of SOX Compliance

By Mark Kissman, CFO, Greenlight Technologies. More than a dozen years after the adoption of the Sarbanes-Oxley Act (SOX), we would expect the effort organizations expend to comply to decrease over time. However, according to Protiviti’s 2015 Sarbanes-Oxley Compliance Survey, 67% of the 460 audit executives and professionals polled reported an increase in the hours […]

Cyber Security Solutions: Data Spillage and How to Create an After-Incident “To Do” List

Photo courtesy of Center for American Progress Action Fund (CC No Derivatives). President Obama and China’s President Xi Jinping’s “understanding” about cyber theft in their recent meeting stirs up worries about company data being compromised. Unfortunately, there’s nothing you can do if […]
