Category: Regulations

In a new case not covered by the report, a senior Malaysian minister vowed this week to apply law prescribing jail terms for Web writers of comments said to disparage Islam or the king.

In a speech to the OSCE parliament on Thursday, Kazakh Information Minister Yermukhamet Yertysbayev insisted Kazakhstan was determined to build democracy and create an “e-government” expanding Internet service and making “our media more free, contemporary and independent”.

The OSCE report said Kazakhstan’s state monopoly on Internet providers tended to deter use by making prices for all but very slow and limited dial-up service far higher than those for West Europeans even though Kazakh incomes are much lower.

http://news.com.com/Study+Internet+censorship+spreading/2100-1028_3-6199294.html?tag=nefd.top

The Data Retention (EC) Regulations (draft; the final Regulations were unavailable at time of writing) were approved by the House of Lords on Tuesday and signed into law by Home Secretary Jacqui Smith on Wednesday.

“Communications data, such as mobile phone billing data, have a proven track record in supporting law enforcement and intelligence agency investigations and are a vital investigative tool,” said Lord Bassam of Brighton, who proposed the adoption of the Regulations this week in the House of Lords. “Without this data, the ability of the police and the Security Service painstakingly to investigate the associations between those involved in terrorist attacks and those who may have directed or financed their activity would be limited,” said Bassam. “The police and the Security Service’s ability to investigate terrorist plots and serious crime must not be allowed to depend on the business practice that happens to be employed by the public communications provider that a particular suspect, victim or witness used.

The Home Office conducted a consultation on the regulations with the public and industry and said the telecoms industry told it that the collection of internet data was too complicated to be include in the current rules.

“Many respondents felt that the complexity surrounding the internet make the draft regulations an inappropriate framework for implementation of the internet aspects as this would present particular technical and resourcing issues,” said a Government response to the public consultation.

http://www.theregister.co.uk/2007/07/27/data_retention_law_passed/

“This proposed legislation is a firm step in the right direction in updating our identity theft laws to meet the needs of investigators and prosecutors who are working daily to punish identity thieves, and help victims put their lives back together,” Attorney General Alberto Gonzales said in a statement.

Deborah Platt Majoras, chairman of the Federal Trade Commission and co-chair of the president’s Identity Theft Task Force with Gonzales, said the bill would enhance law enforcement’s ability to crack down on identity theft.

http://www.internetnews.com/bus-news/article.php/3689936

“These controls and suggested tests are generic and should apply to all systems,” says Heriot Prentice, director of technology practices at the IIA in Altamonte Springs, Fla.

For one, all transactional systems such as ERP and financial systems–as well as support applications such as e-mail programs and design software–pose risks stemming from how they are configured, managed and used by employees. Another reason for regular audits and tests of software controls is that any configuration changes or modifications to business applications can introduce additional risk. For instance, tolerance levels can be manipulated to disable controls.

For this reason, the GTAG guidance recommends that auditors should be part of any software-implementation or upgrade team to ensure controls are in place and working. Prentice recommends that companies make their software-control audits a joint effort involving the chief internal auditor, the CFO and the CIO. “One of the biggest issues I’ve found when it comes to I.T. is that the chief audit officer or the CFO in many cases may not understand the technology, while at the same time, the CIO may not understand the auditors’ needs,” he says.

Software controls are used to monitor a variety of aspects of the application, including input, processing, output and data integrity, as well as data storage and retrieval. Some controls are embedded into transactional and support applications, such as an automated accounts-payable match of invoice with purchase order and notice of receipt of shipment. Other controls are configurable, such as an accounts-payable system’s limit on the amount of an invoice that can be processed without certain approvals.

Management trail—Processing-history controls, often called an audit trail, allow management to identify the transactions and events they record by tracking each transaction from the source to the output and by tracing backward.

http://www.baselinemag.com/article2/0,1397,2143482,00.asp?kc=BARSS02129TX1K0000533

A group of Web sites, including Google and CNET Networks, that rely on interactive advertising have lobbied for nearly a dozen changes (PDF) to the bill.

The Information Technology Association of America, the American Bankers Association and the Interactive Advertising Bureau have all favored the I-SPY Act over the SPY Act, stated an CNET News.com article.

http://www.securityfocus.com/brief/519?ref=rss

“If it passes, it will allow companies and auditors to worry more about the things that matter when it comes to financial fraud,” says Patrick Taylor, CEO of Oversight, which makes software for analyzing the accuracy and security of financial transactions. Companies will be able to focus their attention on the more common paths to fraud, such as changes to the general ledger and revenue recognition, and not worry about unlikely paths, like backup.”

The chief problem is that the law, which is designed to keep public companies from cooking their own books, is extremely vague in its requirements, particularly with regard to IT. “For example, the current guidelines require the auditor do a walk-through of every transaction path that might result in a change to financial data,” says Davis. “In a large company, you can imagine how many transaction paths there are.”

But the PCAOB’s proposed changes to the audit standards would allow companies to perform a risk assessment of their systems and practices, and then focus their efforts on the most likely paths of financial fraud, instead of trying to close every possible loophole. “Those are going to be changes that somebody makes to the general ledger, which are relatively easy to detect. “That’s the kind of thing that could make the difference between an audit lasting two weeks or lasting two months,” Davis says.

http://www.darkreading.com/document.asp?doc_id=124538&WT.svl=news1_1