Categories
Compliance Into the Weeds

Impacts on Compliance of Russian Invasion of Ukraine

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take a deep dive into some of the impacts on compliance from the Russian invasion of Ukraine. Highlights include:

· How will the invasion impact your supply chain?

· What are the attributes of a compliance program that can lead your corporate response?

· What about cyber?

· Will all this lead to a more holistic ERM response?

Resources

Matt in Radical Compliance

Categories
Everything Compliance

Episode 95, the Russia Invades Ukraine Edition


Welcome to the only roundtable podcast in compliance. The entire gang was also recently honored by W3 as a top talk show in podcasting. In this episode, we have the quartet of Jonathan Marks, Karen Woody, Jonathan Armstrong, Tom Fox and Matt Kelly. We dedicate the entire episode to compliance issues arising from the Russian invasion of Ukraine. We conclude with our fan favorite Shout Outs and Rants.

  1. Karen Woody considers the impact of corruption in both Russia and Ukraine going forward. Karen shouts out to Ukraine’s U.N. Ambassador Sergiy Kyslytsya for his impassioned plea at the United Nations this week for Russia to stop its invasion of his country.
  2. Matt Kelly looks at the export control issues and sanctions issued by the US and its allies in this arena. Kelly shouts out Jackson Reffitt, who testified against his father in his father’s Capitol Insurrection trial.
  3. Jonathan Marks discusses the sanctions which have been levied by the Biden Administration, how to assess this evolving risk and the role of the Board in managing this risk. Marks rants about Bob Blaffert (again) and shouts out to Sonny Johnson, an autistic basketballer who made the game-winning shot that helped his team win its final game of the season.
  4. Jonathan Armstrong looks at how the shooting war in Ukraine has spilled over into a cyber war across the globe. Armstrong shouts out to Paddington Bear for giving comfort to refugees across the globe and to the voice of Paddington Bear, Ukrainian President Zelensky.
  5. Tom Fox shouts out to the Texas GOP for stopping AG Ken Paxton from renomination in the party’s primary and for forcing him into a run-off with George P. Bush.

The members of Everything Compliance are:

  • Jay Rosen – Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
  • Jonathan Marks – Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com

The host, producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Daily Compliance News

March 10, 2022 the 4-Day Notice Edition


In today’s edition of Daily Compliance News:
· Matthew Stephenson speaks. (Harvard Law Today)
· Black Panther movie director arrested for ‘banking while black’. (BBC)
· Sunny Balwani trial to begin. (WSJ)
· SEC proposes 4-day notice requirement for cyber breach. (Reuters)

Categories
Coffee and Regs

Data Privacy & Building Compliance into the Product Development Lifecycle


 

Categories
Coffee and Regs

Ransomware Attacks – Cybersecurity Concerns & Best Practices to Mitigate Risk

In this episode, our team of cybersecurity experts, E.J. Yerzak and Mike Farrell, discuss the latest ransomware attacks in the news, best practices to keep your data secure and hackers out, and what to do first if your firm is hit by an attack.
 

 

About Our Guest Speakers:

E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.

 
 
 



Mike Farrell is a Certified Information Systems Auditor (CISA®) and Certified Information Security Manager (CISM®), and Cybersecurity Consultant at CSS. He analyzes data and conducts cybersecurity risk assessments, policy gap analyses, vulnerability scanning and social engineering testing. His information technology experience includes network installations and management, hardware and software configuration, and troubleshooting.

 
 

Categories
Integrity Through Compliance

Dionne Lomax and Kelly Graf Take a Look at Privacy and Cybersecurity Issues for 2021

Recorded before the recent Colonial Pipeline Ransomware attack, Affiliated Monitors, Inc.’s Managing Director, Dionne Lomax, sat down with Dentons’ Kelly Graf to discuss Privacy and Cybersecurity Issues for 2021 and Beyond. Kelly shares with our listeners how mature their security programs need to be in light of ransomware, phishing, and a post-COVID-19 Work From Home data protection environment. Now that cybersecurity is in the news more than ever, this conversation couldn’t be more relevant.
 

 
They cover topics including:
• The multi-trillion dollar growth in this criminal industry over the last decade
• The importance of remote working standards and network segmentation
• Class action lawsuits regarding large scale data breaches
• Ongoing trends in FTC enforcement of COPPA
• The modern sophistication of phishing and social engineering attacks
• The perverse incentives created by, and the unintended consequences of, the growing cybersecurity insurance industry
• The creative ways that lawyers have used outdated privacy laws to bring data security lawsuits
 
 

Categories
Coffee and Regs

Managing Cyber Insurance Risk

In this episode, CSS’s Director of Cyber IT Services E.J. Yerzak sits down with Nick Weiner, AVP, Program Executive at Varney Agency and cyber insurance expert, to discuss the recent NYDFS guidance for insurers that underwrite cyber insurance policies. The guidance includes a Cyber Insurance Risk Framework that provides best practices for managing cyber insurance risk amid concerns of systemic and “silent” risks to the financial sector.

 

 

About Our Guest Speakers:

 

E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.

 
 


Nick Weiner is a commercial insurance agent with ten years of experience focused on cyber, professional and management liability insurance for financial institutions. Nick firmly believes every professional organization deserves access to a specialist who can design, administer and implement a custom insurance solution. Working with an independent insurance agency gives Nick the opportunity to use his experience, knowledge, and understanding of the marketplace to assist his clients in finding the insurance solutions that meet their needs. At twenty-two, Nick started his own national insurance agency focused solely on servicing entrepreneurs in the financial services industry. Seven years later, Nick’s business was purchased, and he joined forces with Varney Agency (Portland, ME) to assist in the continued growth of their financial institutions division. Nick often participates in thought leader groups for the industry and works closely with some advisory-focused publications to provide input on insurance-related topics.

 
 

Categories
Compliance and Coronavirus

Scott Price on Cyber-Security Risks Going Forward


Welcome to the newest addition to the Compliance Podcast Network, Compliance and Coronavirus. In this episode, I am joined by Scott Price. Scott has provided clients with security, assurance, and compliance solutions for nearly 20 years. In this time, he has completed over 2,000 SAS 70/SOC audits and has supported many Global 1000, Fortune 500, and regional companies. In 2009, Scott started A-LIGN to provide partnership to firms around the globe by solving their security and compliance problems. In 2016, Scott was selected to Accounting Today’s Managing Partner Elite, highlighting the leaders of accounting firms who stand out from their peers due to their ability to guide their firms through innovation, development of strong culture, and continued focus on growth.
In this episode, we consider some of the challenges for compliance professionals in the current environment: how Coronavirus is impacting the security and compliance industry; what the benefits of conducting a remote audit are; and what the compliance landscape will look like 6-9 months from now for cyber-risk and cyber-security. We conclude with a look at what the “new normal” might look like for both clients and compliance firms.
For more information on A-LIGN, check out their website here.

Categories
Life with GDPR

Life With GDPR: Episode 23- Looking into the 2019 Crystal Ball

In this episode, I visit with Jonathan Armstrong to consider some of his predictions for the rest of 2019. Even if these predictions do not become fully formed, you should consider them in light of your data privacy/data protection policies and protocols. Some of the issues and highlights are:

  1. Drones: what are the GDPR implications?
  2. The number of data breach notifications under GDPR. Through the end of January there were over 42,000 in the EU alone.
  3. Will AI and self-driving cars follow the rules on safe driving standards, or will there be new rules for the road?
  4. What will be the effects of data, big data and AI in elections going forward? What will be the fallout from Cambridge Analytica going forward?
  5. How will businesses respond to the industrialization of internet crime? What happens when there is a Zero-Day exploit?
  6. Cybersecurity insurance. Will standard insurance rules and regulations apply, or will new policy language be drafted for such coverage?

For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.