Cybersecurity involves protecting the enterprise from internal or external attack and responding after the enterprise has been attacked.  How do you ensure your business continues to operate if its cybersecurity is breached?  It’s not just sending notices to affected customers and paying for credit watches.

“Banks Create Cyber Doomsday System,” The Wall Street Journal, December 4, 2017 B1.  By requiring banks and credit unions to back up their data so that operations can be restored after a breach.  This also protects confidence in the overall banking system.

Do you have a business continuity plan?  Does it address how you will access your critical information so that you can continue to operate?

What’s surprising is that this is newsworthy.



Why listen to the court?

“Battle at CFPB Rages On,” The Wall Street Journal, December 4, 2017 B9.  The person who lost in her attempt to seize control of the CFPB despite the appointment of Mick Mulvaney as the head of the agency asks the court to do “a more complete legal assessment of her claims.”

I guess if you don’t like the first decision, you might as well ask again, right?

Governance involves having a clear idea of who governs.  I suspect the court will clarify the matter for her and her lawyer.


More executive firings

“Security Shake-Up At Uber,” The Wall Street Journal, December 4, 2017 B4.  Three members of Uber’s security team resigned.  Voluntarily.  And another is on extended medical leave.

This after Uber recently disclosed a data breach from a year ago that exposed 57 million user accounts.  And after reports of a team established to access competitors’ technology.

Culture, anyone?  Or attempts to protect the brand at the expense of employees?


Violating company policy

Who gets fired for violating company policy?  How often is it a senior executive?

“Visa Cites Behavior In Firing Executive,” The Wall Street Journal, December 4, 2017 B3.  We don’t know what the violation was.  Yet.  But he was a high-flyer, handling the Apple and PayPal partnerships.

Does this send a message to the rest of the organization?  Does it depend on the policy he violated?

Does your company publish information on how many people have been disciplined for violations?  If not, why not?


Collecting personal information

Those of us familiar with the EU are familiar with government agencies placing and enforcing restrictions on the collection of personal information, to protect the privacy rights of its citizens.

“CFPB Curbs Data Collection,” The Wall Street Journal, December 5, 2017 B5. The Consumer Financial Protection Bureau stops collecting personal information (including data on credit cards and mortgages) until adequate cybersecurity protections are in place.

Delicate balance between protecting privacy and protecting your credit?  Or the recognition by the government of their duty to protect our information?


Another one bites the dust

“Steinhoff’s CEO Resigns Amid Accounting Probe,” The Wall Street Journal, December 7, 2017 B3.  Off-balance sheet accounting leads to resignation of CEO of parent company of Sleepy’s (a mattress brand), and a drop of 62% in share value.

Where was the Board?  Where were the auditors?  Trying out the company product?

Who pays the price of management’s failure?


Who captures the metrics?

“Nielsen Acknowledges It Misses ‘Live’ Streamers,” The Wall Street Journal, December 7, 2017 B3.  Networks don’t get full credit on the viewing statistics (number of viewers for a particular show) for all the live viewers.  Apparently, those viewers who stream certain broadcasts aren’t fully counted.

What do you do when technology changes, and it’s harder to count what you’re used to counting?  How do you price your offering?  What’s your information worth?
