tagged w/ COO
-
A recent benchmarking survey of Third Party Codes of Conduct was conducted by the Society of Corporate Compliance and Ethics (SCCE) and reported on by Rebecca Walker. The findings indicated that a majority of companies with an otherwise robust compliance program do not extend this to third parties with which they conduct business. For those companies who now desire to evaluate their third party business partners for Foreign Corrupt Practices Act (FCPA) compliance, how and where do they begin?
http://information-security-resources.com/2010/03/04/risk-based-enterprise-compliance-programs/
-
-
-
The landscape of the Foreign Corrupt Practices Act (FCPA) is littered with cases involving both agents and resellers, as they are most clearly acting as representatives of the companies whose goods or services they sell in foreign countries. However, many US businesses believe that the legal differences between agents/resellers and distributors insulate them from FCPA liability should the conduct of the distributor violate the Act. If you have a distributor, it must be subjected to the same FCPA scrutiny and management as an agent, reseller or joint venture partner…
http://information-security-resources.com/2010/02/18/resellers-and-distributors-under-the-fcpa/
-
-
These changes to the Sentencing Guidelines should be monitored closely by companies as they represent significant amendments to the Sentencing Guidelines. It appears that the Department of Justice is moving to force companies to place compliance and ethics in a higher profile within their organizations and not simply to pay lip service, along the lines of “we have a code of ethics and act responsibly”…
http://information-security-resources.com/2010/02/11/changes-in-law-for-fcpa-ethics-compliance/
-
-
The recession has lessened and all that cash your Company has been hoarding for the rainy days of the Obama years is burning a hole in your CEO’s pocket. He has his powder dry and is ready to make a big bang by going on a buying spree, targeting overseas entities, to beat the competition in coming out of your industry’s downturn. An initial inquiry should be made into the ownership structure of the target company. If any portion of the entity is owned or held by a government or governmental entity then such an entity is covered under the FCPA as a foreign governmental instrumentality…
http://information-security-resources.com/2010/02/03/the-fcpa-role-in-international-acquisitions/
-
-
Conducting effective training programs is listed in the 2005 Federal Sentencing Guidelines as one of the factors the Department of Justice will take into account when a company, accused of a Federal Corrupt Practices Act violation, is being evaluated for a sentence reduction. But what is an effective training program?
http://information-security-resources.com/2010/01/24/effective-compliance-training-development/
-
-
As the Haitian people fight for subsistence, the world is responding with food and medical assistance. This tragedy wreaked havoc on a victim unsung by the news media – the telecommunications infrastructure. However, there is a ground-swell in the technical community targeting this need. George Moraetes is among those that have used their skills to help.
http://information-security-resources.com/2010/01/21/it-expertise-helping-in-haitian-recovery/
-
-
In his excellent FCPA Blog, Richard Cassin has written about an effective compliance program. He notes that the purpose of an effective compliance program is to prevent and detect criminal conduct. Mr. Cassin based his guidance on the United States Federal Sentencing Guidelines. In the coming weeks, we will review each of these suggested guidelines and provide nuts and bolts recommendations for you to use in crafting your own effective compliance program.
http://information-security-resources.com/2010/01/14/effective-enterprise-compliance-systems/
-
-
PCI provides a set of tactics to protect the confidentiality and integrity of data. Applying them appropriately requires situational awareness and knowledge of the company’s core values and strategy. Sun Tzu’s approach to assessing an army’s readiness for battle can be applied to attaining this knowledge in a business environment…
http://information-security-resources.com/2010/01/06/sun-tzu-pci-dss-and-situational-awareness/
-
-
Which department or group of your company spends the most money annually? Did Supply Chain immediately come to mind? Probably not. How much of your compliance efforts are focused on the Supply Chain within your organization? There are several methods that could be used to assess risk in the area of supply chain and vendors.
http://information-security-resources.com/2009/12/21/risk-based-due-diligence-for-supply-chains/
-
-
A value statement connects a project or investment to the mission and values of the organization, and there are cases where value overrides financial ROI. A cogent value statement combined with a best-effort ROI can enhance both the bottom line and the security posture of the company by identifying the operational conditions for success.
http://information-security-resources.com/2009/12/20/roi-and-the-infosec-value-statement/
-
-
During a recent interview, Navy CIO Robert Carey stated that cloud computing offered real value to the Navy, citing that both the Navy Next Generation Enterprise Network and Consolidated Afloat Networks and Enterprise Service programs will leverage cloud computing. He envisions a future day when “Grey clouds” within a ship’s hull will transition to clouds within the battle group.
http://information-security-resources.com/2009/11/24/us-navy-successfully-tests-cloud-based-iaas/
-
-
According to Sun Tzu, the Tao is the Way – the context that defines how actions are perceived and valued, and management must be able to accurately assess the program in the context of the company’s cultural and political reality. Failure to do this will inevitably create a clash between strategic security plans and the operational activities that enable that vision.
-
-
(Video) During this week’s Federal Executive Forum, key decision makers from DoD, DHS and FBI highlighted identity management interoperability as their key priority for 2010. Panelists included: Robert Mocny, Acting Director, US-VISIT Program Department of Homeland Security; Stephen Morris, Criminal Justice Information Services Division, FBI; and Thomas Dee, Director, Defense Biometrics, Office of the Secretary of Defense…
-
-
Gwen Morton and Ted Alford have published an excellent economic evaluation of the federal government’s push into cloud computing. Their conclusions acknowledge the value of cloud computing, but also offer some practical considerations.
-
-
Given the business impact of regulations like PCI DSS, Sarbanes Oxley, and GLBA, this is understandable. While savvy business leaders understand the limitations of these guidelines, there are among us less enlightened individuals who view these as a cure for organizational security issues.
-
-
Carpathia Hosting has announced the formation of Carpathia Government Solutions, a unit dedicated to providing solutions specifically for federal civilian and defense agencies. The new business unit boasts ATOs (Authority to Operate) for over 20 federal agencies, support for private agency networks and an active facility clearance.
-
-
How do we market security? The cyber-bullies among us might still use Fear, Uncertainty, and Doubt. While this may produce short term acquiescence, that approach ultimately alienates us from the decision makers. Ultimately, security professionals must identify what is valuable to the business and then associate the need for security with those assets.
-