Tag Archive | security

Internet Wide Security Issues: HeartBleed

Transaction Security

Doing Any Business/Transactions Online

You may have noticed your internet connection is slow today, or you’re having problems sending eMail this week. You’re not the only one. That’s because there’s a bug in a piece of software that is widely used by many companies across the board for internet connectivity. It’s called OpenSSL.

It’s important to understand how THIS AFFECTS YOU as a casual user of the internet and why it’s so serious.

OpenSSL manages security behind the scenes for your secured connections while you’re surfing the internet and doing your day-to-day business or personal activities. That covers social media, logging into your own blog, and even your email servers, which probably run on OpenSSL.

It most probably also affects your bank account, and potentially any secured transaction you use online, from paying a bill, to looking at your checking account balance, to buying that perfect teapot on eBay. Even paying for an app on your phone could be impacted. It’s that widespread.

RSCA Methodology

Risk, Security & Compliance Assessments

The RSCA approach is used to evaluate the current state of Security and Compliance activities for SOx remediation within a business. RSCA is a three-step methodology designed to manage and provide oversight for business risk and compliance. But keep in mind that neither SOx nor RSCA are designed to eliminate all risk. They are designed to ensure risks are known and either corrected or accepted.

To that end, RSCA addresses your company’s governance through:

  1. Planning and Data Collection
  2. Risk and Security Assessment
  3. Tracking and Reporting

These steps have been implemented at many large corporations facing large remediation initiatives, but the method can easily be scaled to a business of any size. The steps help to ensure that both your business and IT processes are being adhered to, identify gaps or risks that need to be resolved, track those resolution efforts, and provide a method of reporting through each chain of command necessary for Governance, Risk Management and Compliance (GRC) Assessments.

See my IT Governance section for more information about IT Audit, and Governance, Risk Management & Compliance (GRC) and Risk, Security & Compliance Assessments (RSCA).