Uncovering Hidden Risks

Ep 1 – Transitioning to a Holistic Approach to Data Protection

Bret Arsenault, CVP, CISO at Microsoft, joins us on this week’s episode of Uncovering Hidden Risks to discuss how a holistic approach to data protection can deliver better results across your organization and the three steps that can get you there. Erica Toelle and Talhah Mir host this week’s episode to chat with Bret about current trends in the data protection space, what data protection issues are top of mind, and how teams should get started on their data protection strategy.

In This Episode You Will Learn:

  • How to take a holistic approach to data protection
  • What data protection issues are top of mind
  • How teams can get started on their data protection strategy

Some Questions We Ask:

  • How do you view the data protection landscape?
  • What trends do you see in the data protection space?
  • What challenges have you faced in understanding your data estate?

Resources:

View Bret Arsenault on LinkedIn

View Talhah Mir on LinkedIn

View Erica Toelle on LinkedIn

Related Microsoft Podcasts:

Listen to: Afternoon Cyber Tea with Ann Johnson

Listen to: Security Unlocked

Listen to: Security Unlocked: CISO Series with Bret Arsenault

 

 


The Uncovering Hidden Risks Podcast Returns to the Compliance Podcast Network

The risk landscape for organizations has changed significantly in the past few years. Traditional ways of identifying and mitigating risks simply do not work. They focus primarily on external threats when risks from within the organization are just as prevalent and harmful. Additionally, regulations change frequently, and it is difficult for security and compliance leaders to keep up on these changes.

The Compliance Podcast Network is therefore thrilled to welcome back, for a limited series, the Microsoft podcast Uncovering Hidden Risks, which will explore the need for enterprises to quickly move to a more holistic approach to data protection and reduce their overall risk. The show will cover an array of topics across data governance, risk management, and compliance. It will address industry trends and customer pain points.

In each episode Erica Toelle, Sr. Product Marketing Manager for Microsoft Purview, partners with a Microsoft guest host to interview a guest leader in the data governance and compliance industry. These experts have a unique and deep understanding of the challenges organizations face, and the people, processes, and technology used to address them.

We are excited to make this podcast available to the listeners of the Compliance Podcast Network so that they can listen in as Erica and her Microsoft colleagues discuss a range of interesting topics, including trends, best practices, and real-life strategies for developing a holistic data governance and risk management program.

The Uncovering Hidden Risks podcast will launch on Wednesday, September 28th with the first episode in the series.  

Listen to The Uncovering Hidden Risks podcast trailer below and subscribe on https://www.uncoveringhiddenrisks.com


Here is a preview of the first episode, posting on Wednesday, September 28th:

Transitioning to a holistic approach to data protection

Guest Bret Arsenault, CVP, CISO at Microsoft, joins us on this week’s episode of Uncovering Hidden Risks to discuss how a holistic approach to data protection can deliver better results across your organization and the three steps that can get you there. Erica Toelle and Talhah Mir host this week’s episode to chat with Bret about current trends in the data protection space, what data protection issues are top of mind, and how teams should start on their data protection strategy.

This Week in FCPA

Episode 297 – the Ng Convicted edition


As the NY Mets have the best record in baseball and we prepare for the celebrations of Easter and Passover, Tom and Jay are back to look at some of the week’s top compliance and ethics stories in the Ng Convicted edition.
Stories

    1. Roger Ng was convicted. Tom in the FCPA Compliance and Ethics Blog.
    2. Lessons from DOJ’s first cyber fraud settlement? Annie Hudgins in the FCPA Blog.
    3. Depression as corporate materiality issue. Dick Cassin in the FCPA Blog
    4. Should CCOs be required to certify compliance programs? Mike Volkov in Corruption Crime and Compliance.
    5. CEO fined by SEC for impeding whistleblower. Aaron Nicodemus in Compliance Week. (sub req’d) Matt Kelly in Radical Compliance.
    6. How much BOD oversight of compliance is enough? Jeff Kaplan in Conflict of Interest Blog
    7. Compliance in recessionary times. Jim DeLoach in CCI.
    8. Water and corruption. Rick Messick in GAB.
    9. Why should an organization disclose diversity information? Antinuke Adrian in Harvard Law School Forum on Corporate Governance.  
    10. Data governance best practices. Eray Eliaçik in Data Economy

Podcasts and More

  1. Tom visits with Matt Galvin and Dan Kahn over a 2-part podcast series. In Part 1, they talk about dealing with the DOJ during an FCPA investigation and thereafter. 
  2. Into Star Trek? Then join Tom and John Champion, who is on a 15-year mission to do a podcast on every episode of Star Trek (television, movie, and animated show) on the podcast MissionLogPodcast.com. In Part 1, from TOS up to the start of TNG. In Part 2, from TNG to today.
  3. This month on the Compliance Life, I visit with Susan Divers, Director of Thought Leadership at LRN. In Part 1, academic life and early professional career. In Part 2, she moves to the corporate world. 
  4. Why should you attend Compliance Week 2022? Find out on this episode of From the Editor’s Desk. Listeners get a $200 discount to CW 2022 with the code Fox200.
  5. Join Tom and Jay at ECI Impact 2022. Listeners to this podcast can save 20% off registration by entering discount code: TOM20 at checkout.
  6. Welcome back, Sam Rubenfeld.

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Innovation in Compliance

The Data Confident Internal Auditor with Yusuf Moolla


 
Tom Fox welcomes Yusuf Moolla on this episode of the Innovation in Compliance Podcast. Yusuf is a Director at Risk Insights, co-host of The Assurance Show Podcast, and co-author of The Data Confident Internal Auditor. He joins Tom to talk about how compliance professionals can utilize data analytics, data governance, and internal auditing.
 

 
Best Approaches To Data
The easiest way to approach data, Yusuf suggests, is to think about it as another form of evidence. “Over the years we’ve collected lots of manual documents as evidence…Data is just another piece of evidence,” he tells Tom. Data can be used by anybody, and it is very simple to do so. Open-source tools for processing data have emerged, making it easier and cheaper for individuals. These open-source tools have made it safer as well, as there are options to look into the source code for digital traps. Visualization is another approach to data that individuals can utilize. While relatively new, visualization techniques for both exploring and explaining data are gaining traction in the data analytics world.
 
Internal Auditing Approaches
Yusuf explains to Tom that there are four main data approaches to consider when doing internal audits:

  • Data being used purely for reporting
  • The data-driven approach where the data does the talking
  • The process-focused approach
  • The hypothesis-focused approach

There are similarities between the process and hypothesis approaches. The process-focused approach has been the traditional way of doing audits. Over the years, however, it’s become less about how the process is done to achieve the intended result; it’s now about what the auditing result is. “So it’s not about looking at whether a process actually works the way that it’s been designed, it’s about looking at whether the process is working in the way in which it’s intended to be able to achieve its outcome,” Yusuf adds. 
 
Data Governance in Auditing
Making sure that data doesn’t fall into the wrong hands as an auditor is one of the main facets of data governance. It is a very basic and traditional approach, but over the years professionals have been implementing it in an overzealous way. This can hinder the ability to create value through data. Yusuf suggests a slight reverse approach where everyone has access to data unless there is a specific reason for them not to. “We want to keep a range of data elements secure, but others we want to open up,” Yusuf tells Tom. 
 
A Look Ahead
Tom asks Yusuf what the future of data analytics, data governance, and internal auditing will look like in the coming years. Yusuf explains that there will be a greater use of data science, and a greater use of data within internal audit without the need for data scientists and specialists. More practitioners will be getting into and understanding IT, and more people will be using data for themselves. This will free the data scientists from the more mundane tasks, so they will have time to dedicate to the more advanced techniques. The same would apply for compliance as well.
 
Resources
Yusuf Moolla | LinkedIn
Risk Insights
The Assurance Show
The Data Confident Internal Auditor
 

Innovation in Compliance

Leveraging Communications as an Asset with Robert Cruz

 
Robert Cruz is the Vice President of Information Governance at Smarsh and is Tom Fox’s guest on this episode of the Innovation in Compliance Podcast. Tom and Robert talk about information and data governance, communications data strategies, and how Smarsh helps its customers mitigate risks through its platforms.  
 

 
New Communication and Risk
In the hybrid work environment, employees use new communication sources such as WhatsApp, Discord, and Slack to converse daily. This poses a risk that compliance professionals are now challenged to govern since each of these technologies is different. Firms have to update their systems for this purpose and this is where Smarsh comes in. “Our communications intelligence strategy and platform helps customers bring [communication data] into a central point of control, so they can not only identify the risk but also that they can leverage this information as an asset of their business,” Robert tells Tom. These new communication sources are simply ways for companies to engage, and if leaders can engage on their clients’ terms, it can allow them to expand their markets.
 
A Level of Complexity
Workers have started to return to the office. Tom asks Robert to share how this has impacted the hybrid work environment, and if it has added any complexity for the compliance individual. The biggest challenge for compliance is that controls need to work consistently regardless of where an individual is. “You need to be securing an individual, not securing the particular location that individual is located in,” Robert says. Compliance professionals need to make sure that they don’t have blind spots, and that their controls work regardless of technology. This has also created more areas for which compliance professionals have to be accountable. 
 
What’s Next
Communications data strategies in the coming years are not going to be heterogeneous. Robert stresses that when data is heterogeneous, it makes it difficult for people to understand. What is going to happen in the future is an acceleration in public cloud adoption and the adoption of artificial intelligence solutions. “The use of the machine to help individuals get through the volume and variety of information… are definitely on trend lines and will just become even more prominent and common across not just large enterprises but into medium size and even smaller firms in the near future,” Robert remarks to Tom.
 
Resources
Robert Cruz | LinkedIn 
Smarsh
 

Innovation in Compliance

An Evangelist for Document Governance with Jen Snyder


 
Jen Snyder is the chief evangelist at GovQA, a technology company providing compliance software for governments. Tom Fox welcomes her to this week’s show as they discuss the compliance challenges facing governments, and how her company’s software is helping combat those challenges.

Government Challenges
Tom asks Jen to explain why management of government requirements is so critical and difficult. “In the government industry, everything you’re doing is being done with government money, so everyone has the right to understand what’s being done with that money,” she remarks. She adds that many of the challenges the government faces are because the private sector is ahead in terms of documentation: while the private sector’s documents and records are digitized, the government’s are still on paper. The pandemic has mandated a remote workforce, but adapting to a new normal is not familiar to government culture, Jen remarks.
Data Governance
With data governance, there is both the tactical solution and the strategic solution. Tom asks Jen to elaborate on how GovQA helps companies in these areas. “What we do as a company is we look and follow each state’s legislative rulings on how they need to manage data,” she says. GovQA always follows the process of CEO departments and governor offices’ data governance policies. Jen expresses that with the changes of the pandemic, and the civil unrest within the US, states are now re-evaluating their policies, and with that comes new data areas that need new governance.
Being Compliant
Jen talks about the software GovQA has in assisting companies with legal holds. She reiterates that the software allows the organization to build an audit trail and then stores it within specific software, so it can be accessed when necessary. Customers can feel confident that their data is protected: the company follows federal standards and guidelines and even goes further to bring in a third-party auditor. Rigid adherence to compliance standards is part of GovQA’s workplace culture, Jen emphasizes.
Resources
GovQA
Jen Snyder on LinkedIn