Based on over thirty years of experience, recognized industry leader Gary Lynch reveals in this essential guide a game plan to identify and manage a range of risks faced in this brave new globalized world of changing market dynamics and complex high-tech value networks. This groundbreaking book articulates an experience-based and spot-on assessment of risk management realities that all corporations should make core to their corporate cultures.
To comply with government and industry regulations, such as Sarbanes-Oxley, Gramm-Leach-Bliley (GLBA), and COBIT (which can be considered a best-practices framework), organizations must constantly detect, validate, and report unauthorized changes and out-of-compliance actions within the Information Technology (IT) infrastructure. Using the IBM® Tivoli Security Information and Event Manager solution, organizations can improve the security of their information systems by capturing comprehensive log data, correlating this data through sophisticated log interpretation and normalization, and communicating results through a dashboard and a full set of audit and compliance reports. In this IBM Redbooks® publication, we discuss the business context of security audit and compliance software for organizations and describe the logical and physical components of IBM Tivoli Security Information and Event Manager. We also present a typical deployment within a business scenario. This book is a valuable resource for security officers, administrators, and architects who want to understand and implement a centralized security audit and compliance solution.
Every organization has a core set of mission-critical data that requires protection. Security lapses and failures are not simply disruptions; they can be catastrophic events with consequences felt across the enterprise. The inadvertent mistakes of privileged users alone can result in millions of dollars in damages through unintentional configuration errors and careless security commands. Malicious users with authorized access can cause even greater damage. As a result, security management faces a serious challenge to adequately protect a company's sensitive data. Likewise, IT staff are challenged to provide detailed audit and controls documentation in the face of increasing demands on their time. Automation and simplification of security and compliance processes can help you meet these challenges and establish effective, sustainable user administration and audit solutions. This includes security database cleanup, repeatable audit of configurations and settings, and active monitoring of changes and events. IBM Tivoli Security Management for z/OS V1.11 provides these solutions to help enhance the security of mainframe systems through automated audit and administration. In this IBM® Redpaper™ document we discuss how Tivoli® Security Management for z/OS® allows you to submit mainframe security information from z/OS, RACF®, and DB2® into an enterprise audit and compliance solution, and how to combine mainframe data from z/OS, RACF, and DB2 with that from other operating systems, applications, and databases in order to capture comprehensive log data, interpret that data through sophisticated log analysis, and communicate results in an efficient, streamlined manner for full enterprise-wide audit and compliance reporting.
Providing a comprehensive framework for a sustainable governance model, and showing how to leverage it in competing global markets, Governance, Risk, and Compliance Handbook presents a readable overview of the political, regulatory, technical, process, and people considerations involved in complying with an ever more demanding regulatory environment and in achieving good corporate governance. Offering an international overview, this book features contributions from sixty-four industry experts from fifteen countries.
Examines how risk management security technologies must prevent virus and computer attacks, as well as providing insurance and processes for natural disasters such as fire, floods, tsunamis, and terrorist attacks. Addresses four main topics: the risk (severity, extent, origins, complications, etc.), current strategies, new strategies and their application to market verticals, and specifics for each vertical business (banks, financial institutions, large and small enterprises). A companion book to Manager's Guide to the Sarbanes-Oxley Act (0-471-56975-5) and How to Comply with Sarbanes-Oxley Section 404 (0-471-65366-7).
In the current business climate the impact of the volume and nature of regulatory change and the regulatory risk arising from this is a significant business risk for regulated firms and regulators alike. As a consequence, management of this risk is increasingly high on the board agenda of regulated firms, with those business functions whose activities support this, such as Compliance, facing increasing levels of challenge in their efforts to be effective. The Changing Face of Compliance addresses core aspects of this challenge, considering the relationship between regulation and compliance and key influences on both, offering insight into the effectiveness of current approaches and addressing practical compliance challenges. Sharon Ward explains how the role of Compliance might be strengthened and those who work within it further enabled to support the current focus on improving standards in business, offering recommendations for enhancing this role. The text includes a mix of hands-on advice, examples and research based on the experiences of practitioners, educators and regulators drawn from across a wide range of jurisdictions and sectors. This is a thoughtful and timely book, whether you are concerned about the growing and changing implications of regulatory risk; the benefit of leveraging additional value from your Compliance function or your own Compliance role; or ways of transforming and sustaining the function to ensure its continued relevance to the business.
There is a lot of information available on governance, risk and compliance as separate subjects, but little on the interrelation between the three components known in the industry as enterprise-wide governance, risk and compliance (eGRC). This book brings eGRC to the reader in a way that starts with simple concepts and builds on them to provide insight and a practical guide for a holistic approach to eGRC. Companies have to manage risk in order to remain a sustainable force in the marketplace. Efforts to reduce risk can, unintentionally, be uncoordinated, disjointed or even neglected. By not implementing a more cohesive and systematic approach to managing risk, opportunities to benefit the company can also be missed. Beyond Play offers a practical and simple approach. Compliance is a very specific form of risk: that of complying with the law, but the role of the compliance officer includes a lot more. Working with the law and regulators and applying a compliance methodology are explained to provide value to learners, compliance officers, managers, prescribed officers and directors. Many companies 'play' at corporate governance, probably because it is perceived as being 'too big' to grasp. This book will change your thinking and will help directors pave the way for implementing a framework that can be worked with on a practical level within an enterprise-wide risk management context. The systemic nature of risk means it can spread to customers, shareholders, communities and economies, as the credit bubble of 2008 has proved. Equally, a company that applies a robust and intelligent approach to eGRC has a positive influence on the marketplace, the community and a nation. Do you believe that your business, whether for profit or not for profit and on the basis on which it currently operates, is sustainable in an increasingly dynamic world?
This book uses examples from the financial services industry; it also makes reference to South African legislation and governance codes. These references do, however, focus on international best practices, so the methodologies can be universally applied. Governance, risk and compliance is an integrated concept to be incorporated within an enterprise risk framework that helps an organisation, either private or public, for profit or non-profit, to direct its strategies and operations with integrity and within the law, so that it achieves its goals in such a way that its stakeholders and the economy as a whole are never compromised or put at risk beyond that which has been carefully defined and deemed acceptable.
This volume examines the topic of compliance with COVID-19 restrictions, and the non-pharmaceutical measures taken by governments in attempts to bring the pandemic under control. The discovery that COVID-19 was largely transmitted through the air meant that public health strategies were needed to limit close physical contact between people. Epidemiological modelling offered initial interventions to tackle the rate of spread, but to be effective these measures were dependent on widespread public adoption and compliance. This book examines the key theories and empirical approaches to behavioural change and compliance, and reviews research on their relative effectiveness in driving public behaviour. Author Barrie Gunter considers four principal models used: nudge theory, social identity-group processes theory, the theory of planned behaviour and the capability-opportunity-motivation-behaviour (COM-B) model. Gunter weighs the pros and cons of each, offers commentary on lessons that can be learned from their application during the pandemic, and on what they may have to offer in a triangulated approach, theoretically, methodologically and in terms of policy making. Examining not just the extent of compliance but also the psychological drivers of this behaviour over time, this is essential reading for students and researchers in psychology, public health and medical sciences, and for policy makers assessing government strategies, responses and performance.