Investigations/Forensics
The following 36 items are listed by date.
September 6, 2010
U.K. Bribery Act 2010: Important Implications to Doing Business in the United Kingdom
Most U.S. companies know about the Foreign Corrupt Practices Act, a U.S. law prohibiting the bribery of foreign officials. They may not be aware, however, of a new U.K. law that goes even further and impacts any organization doing business in the United Kingdom. In this podcast, Protiviti Managing Director Jonathan Wyatt talks about the far-reaching impact of this new legislation on businesses worldwide.
CONTENT AREA: Podcasts
TOPICS: United Kingdom, Investigations/Forensics, Laws & Regulations, Fraud

August 23, 2010
Intercompany Terms, Domestic and International Inbound/Outbound Logistics Policy
This policy establishes the guidelines for recognizing revenue, costs of goods sold and in-transit inventory. It focuses on the proper recognition of revenue and in-transit inventory with the numerous international commercial terms used at a company.
CONTENT AREA: Policies & Procedures
TOPICS: Investigations/Forensics, Materials Management & Inventory, Revenue, Outsourcing/Co-sourcing/Shared Services, Laws & Regulations

August 23, 2010
There must be Thirty Ways to Steal Your ID
Identity theft has been going on for ages, but the internet has created the opportunity for growth. This article outlines some thirty ways that fraudsters commonly commit identity theft and exploit stolen identities, with detailed information on phishing using actual phishing e-mails to illustrate the techniques.
CONTENT AREA: Articles
TOPICS: Internet/Intranet, Security, Investigations/Forensics, Network & Internet Security, Ethics, Fraud

August 2, 2010
eDiscovery versus Computer Forensics
It is imperative for an organization of any size or type to understand what is required under electronic discovery rules and best practices. Creating and practicing these procedures before they are actually required will save organization resources, time, and money.
This article focuses on the what, when, why, where and how of discovering, recovering and preserving electronic evidence, and also brings out the difference between electronic discovery and computer forensics.
CONTENT AREA: Articles
TOPICS: IT Controls, Investigations/Forensics, Fraud, Laws & Regulations

May 24, 2010
E-Mail Discovery: Latest Cases Impel Public Agencies to Retain Records
Since the adoption of special amendments to the Federal Rules of Civil Procedure in late 2006, the field of e-discovery law has grown more dangerous for public agencies. Recent cases show courts are serious about expecting litigants to possess and be able to find their e-mail and other electronic records. Litigation trends suggest that an agency is wise to be generous in the retention of e-mail by decision makers and to be capable of easily finding and searching the more recent records. A prudent course would be for the agency to implement a central e-mail archival system.
CONTENT AREA: Articles
TOPICS: Document Retention, Fraud, Investigations/Forensics, Laws & Regulations, Software

March 29, 2010
Corruption Risk – Playing by the Rules in a Global Market
In this episode of Powerful Insights, Protiviti Director Pamela Verick discusses the many facets of the Foreign Corrupt Practices Act, a law with which every U.S. organization and those with U.S.-listed securities must comply. Pam is leader of Protiviti's Fraud Risk Management Services group and is a recognized expert on FCPA compliance requirements.
CONTENT AREA: Podcasts
TOPICS: Fraud, Internal Controls, Investigations/Forensics, Risk Management & Assessment

March 8, 2010
Landmark Case Could Be a Game Changer: E-discovery is No Longer Just a Legal Issue
Last month, a court order laid down criteria for evaluating discovery conduct that potentially impacts the risk profile of every company involved in U.S. litigation.
For C-level executives that have had difficulty staying with the e-discovery conversation in the past, now is the time to pay attention. Given the potential impact to the risk profile of organizations involved in U.S. litigation, the objective of issuing this Flash Report is to supplement and highlight the legal analyses with the business message to help executives outside of the legal department understand what this ruling really means from a nonlegal point-of-view.
CONTENT AREA: Regulatory Updates
TOPICS: Audit Committee & Board, Risk Management & Assessment, Investigations/Forensics, Ethics, Fraud, Laws & Regulations

February 22, 2010
Electronic Discovery: An Academic Exercise or Your Next Crisis? – Questionnaire
Electronic discovery (or e-discovery) refers to the process by which relevant electronically stored information is produced as evidence when an organization faces legal or regulatory action. This document poses questions for the board and management to reduce the costs, burden and time associated with e-discovery.
CONTENT AREA: Checklists & Questionnaires
TOPICS: Risk Management & Assessment, Investigations/Forensics, Fraud

December 21, 2009
Crime Prevention through Environmental Design
This is an introduction to crime prevention through environmental design (CPTED), which is the "proper design and effective use of the built environment that can lead to a reduction in the fear and incidence of crime, and an improvement in the quality of life." CPTED encompasses (1) the criminal offender perspective regarding an environment and the risk of getting caught when committing a crime and (2) the social dynamics, sense of ownership of the environment, and their associated protective actions by persons who work, live, or traverse the environment en route to another destination.
CONTENT AREA: Articles
TOPICS: Access Control Systems, Investigations/Forensics, Physical Security, Security Architecture & Models, Fraud, Privacy

March 9, 2009
Critical Success Factor Survivability for Engaged Information Security Professionals
Today within the information security industry, more than ever before we have security frameworks, blueprints, methodologies, checklists, security management dashboard software, best practices, and ongoing academic research supported by substantial grants or budgets for engaging security implementation. But information security accidents and sensitive data spills continue at an alarming rate. Read this article to learn how a highly motivated, reliable, goal setting competent individual who remains one step ahead of anyone handling, moving, or safeguarding data can help to keep information secure.
CONTENT AREA: Articles
TOPICS: Technology, IT Infrastructure, IT Strategy, Security, Investigations/Forensics, Security Architecture & Models, Security Management Practices, Project Management, Training & Development

March 9, 2009
Customer Proprietary Network Information
The protection of Customer Proprietary Network Information (CPNI) was mandated by the Federal Communications Commission (FCC) as companies strive to become compliant with the FCC Pretexting Order of 2007. It is important to understand exactly what CPNI is and is not, the importance of safeguarding this data, the rules for compliance, and how Protiviti’s framework can be practically applied to achieve ongoing compliance. CPNI is sensitive customer information that must be protected, just as credit card information and Social Security numbers are safeguarded. Taking the necessary precautions to protect this data is in the best interest not only of customers, but also of service providers whose success relies on customer confidence.
CONTENT AREA: Articles
TOPICS: Technology, IT Controls, Telecommunications, Security, Access Control Systems & Methodology, Investigations/Forensics, Security Architecture & Models, Security Management Practices

February 16, 2009
The Cyber Threat to National Critical Infrastructures: Beyond Theory
Adversary threats to critical infrastructures have always existed during times of conflict, but threat scenarios now include peacetime attacks from anonymous computer hackers. Current events, including examples from Israel and Estonia, prove that a certain level of real-world disorder can be achieved from hostile data packets alone. This article shows that as dependence on IT and the internet grows, governments should make proportional investments in network security, incident response, technical training, and international collaboration.
CONTENT AREA: Articles
TOPICS: Technology, IT Strategy, Security, Access Control Systems & Methodology, Investigations/Forensics, Network & Internet Security, Security Architecture & Models, Security Management Practices

January 26, 2009
Fraud Management in the 21st Century
This article details the brief history of risk-based fraud detection programs, defines current solutions provided by the likes of SAP, Oracle, and many others, and explains the value that fraud detection software can provide to your organization. Beginning with a brief case study of initial attempts of software specific fraud detection, the article discusses how these tools have evolved to provide continuous assurance and the overall value proposition for automated fraud detection.
CONTENT AREA: Articles
TOPICS: Fraud, Investigations/Forensics, IT Controls, Technology

January 5, 2009
Top Security Trends of 2008 and What to Watch for in 2009
Symantec has taken a look back at the top security trends of 2008, and has used that information to predict what the top threats are for 2009.
Security threats for 2009 are related to advanced web threats, the economic crisis and social networks.
CONTENT AREA: Articles
TOPICS: Technology, Security, Investigations/Forensics, Network & Internet Security, Security Architecture & Models

November 24, 2008
Computer Printouts as Legal Evidence
Advances in computer technology have changed the ways courts evaluate and accept the value of evidence. This article discusses computer-based information and its uses as evidence in legal proceedings. It explains the rules of evidence and their effect on an organization’s management of its databases and describes methods of handling requests for production of computerized data.
CONTENT AREA: Articles
TOPICS: Technology, IT Audit, Sarbanes-Oxley Act, Document Retention, Reporting/Disclosure, Security, Investigations/Forensics, Fraud, Laws & Regulations

November 17, 2008
What the Amendments to the Federal Rules of Civil Procedure Mean to Your Company (KLplus Risk Brief)
This course discusses the Supreme Court's amendments to the Federal Rules of Civil Procedure, which took effect on December 1, 2006. These amendments provide guidance on the handling of electronically stored information in litigation. With the publication of these amendments, a legal framework now exists from which we can analyze and build policies and process for litigation preparedness; even if some of the amendments have left room for interpretation.
CONTENT AREA: Risk Briefs
TOPICS: Document Retention, Fraud, Investigations/Forensics, Laws & Regulations, Sarbanes-Oxley Act, Security

August 11, 2008
Communications Data Retention: A Pandora’s Box for Rights and Liberties?
This chapter discusses the retention of communications data as a security measure, which interferes with the right to privacy. Privacy is perceived not as merely a right possessed by individuals, but as a prerequisite for making autonomous decisions, freely communicating with other persons, and being included in a participation society.
CONTENT AREA: Articles
TOPICS: Security, Investigations/Forensics, Security Management Practices, Document Retention, Privacy

June 9, 2008
Electronic Data Speaks - What Does It Say About Your Organization? (KLplus Risk Brief)
The most common approach to dealing with fraud today is a 'reactive' approach. However, companies are beginning to embrace measures to help pinpoint indicators of fraud before the act is carried to fruition. One of the most effective ways to monitor fraud and misconduct risk is through a combination of data analysis and data mining.
CONTENT AREA: Risk Briefs
TOPICS: Training & Development, Fraud, IT Controls, Technology, Internal Audit, IT Audit, Security, Investigations/Forensics

October 29, 2007
Behavioral Genotype Technology: A New Approach to Proactive Detection of New Malware
This article discusses behavioral genotype technology, a new approach to detecting malware. It uses pre-execution scanning to determine the function of an application and what behavior it is likely to exhibit, without allowing the program to run. Static characteristics can also be determined to reinforce the identification of malicious behavior.
CONTENT AREA: Articles
TOPICS: Technology, Security, Investigations/Forensics

October 29, 2007
Understanding the Basics of Computer Forensics
Computer forensics is the process of acquiring, analyzing and reporting digital evidence. While exciting, computer forensics is based on sound scientific principles and follows a clearly defined path. In this article, Protiviti’s Paul Lewis discusses the many aspects of computer forensics and how to follow proper standards when using this method of information detection.
CONTENT AREA: Articles
TOPICS: Technology, IT Controls, IT Strategy, Security, Investigations/Forensics, Security Management Practices

August 20, 2007
Continuous Transaction Monitoring Poll
This week's poll question asks, "Does your audit department use a form of continuous transaction monitoring?"
CONTENT AREA: Articles Support
TOPICS: Technology, IT Controls, Sarbanes-Oxley Act, Internal Audit, Internal Controls, Security, Investigations/Forensics, Fraud

August 20, 2007
Transaction monitoring represents vast, untapped potential for internal audit effectiveness
Since the internal audit profession began, periodic, representative sampling has been used to verify the effectiveness of controls or to uncover issues that need to be addressed. The key word is "periodic." In this article, Protiviti’s John Harrison describes how having the means to monitor specific processes on a continuous basis has long been the vision of academics and many progressive internal auditors. This concept of “transaction monitoring” is now a reality for auditors.
CONTENT AREA: Articles
TOPICS: Technology, IT Controls, Sarbanes-Oxley Act, Internal Audit, Internal Controls, Security, Investigations/Forensics, Fraud, Continuous Auditing

January 1, 2007
What the Amendments to the Federal Rules of Civil Procedure Mean to Your Company
The Supreme Court recently approved amendments to the Federal Rules of Civil Procedure, which took effect on December 1, 2006. These amendments provide guidance on the handling of electronically stored information in litigation. With the publication of these amendments, a legal framework now exists from which we can analyze and build policies and process for litigation preparedness; even if some of the amendments have left room for interpretation.
CONTENT AREA: Articles
TOPICS: Document Retention, Fraud, Investigations/Forensics, Laws & Regulations, Sarbanes-Oxley Act, Security

October 9, 2006
Electronic Data Speaks - What Does It Say About Your Organization?
The most common approach to dealing with fraud today is a 'reactive' approach. However, companies are beginning to embrace measures to help pinpoint indicators of fraud before the act is carried to fruition.
One of the most effective ways to monitor fraud and misconduct risk is through a combination of data analysis and data mining.
CONTENT AREA: Articles
TOPICS: Fraud, IT Controls, Technology, Internal Audit, IT Audit, Security, Investigations/Forensics

August 15, 2005
Counseling on the Fringe of Indictment
The President’s Corporate Fraud Task Force remains focused on cleaning up corruption in the board room, restoring investor confidence to the marketplace and sending a clear message that corporate wrongdoing will not be tolerated. The Department of Justice has issued statements regarding the federal prosecution of business organizations, detailing a set of principles to guide its prosecutors as they consider whether to seek charges against a company. These guidelines also offer corporate counsel insight into navigating turbulent indictment waters.
CONTENT AREA: Newsletters
TOPICS: Fraud, Investigations/Forensics, Laws & Regulations, Financial Services Industry

November 24, 2003
Compromise Recovery and Incident Handling
Most systems administrators are too busy to pay any special attention to security. As a result, many such installations are susceptible to hackers and sooner or later get compromised. This article explains the steps to be taken for compromise recovery and ways to handle such incidents.
CONTENT AREA: Articles
TOPICS: Technology, Security, Investigations/Forensics, Software

June 30, 2003
Incident response and fraud investigation - the role of the information technology auditor
All IT-related frauds start as an IT incident, which is an event that disrupts day-to-day IT processing. Incident response is the first step: determine what happened, decide what to do about it and determine whether the incident is fraud related. This article discusses incident response issues, and then provides guidance on the role of information technology auditors in fraud response, investigation, analysis, and prevention.
CONTENT AREA: Articles
TOPICS: Fraud, Technology, Internal Audit, Laws & Regulations, Security, Investigations/Forensics, IT Audit

February 24, 2003
Attractive Hazard: Entrapment or Forensic Tool?
A honeypot is “a security resource whose value lies in being probed, attacked or compromised.” To be effective, a honeypot must be both visible and attractive, but this raises several ethical issues. This article discusses some of the issues and design considerations for defending the use of a honeypot.
CONTENT AREA: Articles
TOPICS: Technology, Security, Investigations/Forensics, IT Audit

January 27, 2003
Forensic Fieldwork: Experience Is the Best Teacher
This article presents a situation that a forensics investigator might encounter in the field, along with an approach that can be used to succeed in conducting computer forensic analysis. The eight areas of forensic fieldwork are explored, including: preparation, documentation, collection, authentication, analysis, preservation, production, and reporting.
CONTENT AREA: Articles
TOPICS: Fraud, Technology, Security, Investigations/Forensics, Software

CanCERT
In every major industrialized nation in the western world, government and industry have a national capability for coordinating a response to computer-related security incidents. In Canada, this capability is provided by CanCERT™. In collaboration with other CERTs around the world and provincial Information Protection Centres, CanCERT™ provides a valuable service both to Canadians and to foreign agencies investigating incidents that involve Canada.
CONTENT AREA: Best Business Links
TOPICS: Technology, Security, Investigations/Forensics, Canada

Computer Emergency Response Team (CERT)
The CERT Coordination Center was formed by the Defense Advanced Research Projects Agency (DARPA) in November 1988 in response to the needs identified during an Internet security incident.
CONTENT AREA: Best Business Links
TOPICS: Business Continuity Management, Technology, Security, Investigations/Forensics, IT Infrastructure, Aerospace & Defense Industry

Department of Justice (DOJ): Internet Fraud Initiative
The DOJ established its Internet Fraud Initiative in February 1999, and has since been expanding its efforts to combine criminal prosecution with coordinated analysis and investigation as part of a comprehensive approach to combating Internet Fraud.
CONTENT AREA: Best Business Links
TOPICS: Fraud, Technology, Security, Investigations/Forensics

Forum of Incident Response and Security Teams (FIRST)
FIRST is an international consortium of computer incident response and security teams who work together to handle computer security incidents and to promote preventative activities.
CONTENT AREA: Best Business Links
TOPICS: Business Continuity Management, Fraud, Technology, Security, Investigations/Forensics, IT Audit, IT Infrastructure, Software

High Tech Crime Consortium
The High Tech Crime Consortium incorporates a pool of expert consultants in diverse professions such as intelligence analysis, investigation management, computer forensics investigation, crime analysis and research, computer programming and software development.
CONTENT AREA: Best Business Links
TOPICS: Technology, Intellectual Property, Privacy, Security, Investigations/Forensics

NIPC - National Infrastructure Protection Center
The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity.
CONTENT AREA: Best Business Links
TOPICS: Technology, Security, Investigations/Forensics, IT Infrastructure

United States Secret Service (USSS)
The United States Secret Service is mandated by the U.S. Congress to carry out two distinct and significant missions: protection and criminal investigations.
CONTENT AREA: Best Business Links
TOPICS: Fraud, Risk Management & Assessment, Security, Financial Services Industry, Investigations/Forensics, GRC