Good Reading

Interesting articles and commentaries on compliance and IT management related topics. To get all of the updates via RSS, visit our News page and sign up for the RSS feed.

CFO.com - Common Audit Screwups
Interesting article based on poll of Big Four partners on common audit mistakes that cost companies time, money and audit results.
CFO.com - Who's Your Auditor's Boss
The PCAOB mulls whether to give more instruction for the supervision of individual auditors — and could refine the board's approach toward sanctioning audit abuses.
Why do we need to patch our systems so often?
Interesting article on a new large-scale, website-based security issue. Note that about halfway down it says "The attack code takes advantage of bugs that have already been patched".
CFO.com - National Century CFO, Four Others Guilty of Fraud
Long prison sentences could be handed down as a result of a scheme to deceive investors about the financial state of the healthcare finance company.
Macworld.com - Hacker pleads guilty to computer fraud for adware
A 21-year-old could face up to 10 years in prison in the U.S. after pleading guilty to installing advertising software on PCs located around Europe without permission.
California Backs Off Real ID
For a short moment Thursday, millions of Californians were in danger of facing pat-downs at the airport and being blocked from federal buildings come May 11.
SANS.org - Information Warfare in Tibet
A very technical article giving an overview of cyber attacks being seen in the ongoing conflict in Tibet. A good example of the types of attacks corporate America needs to be prepared for.
SecurityFocus.com - Law makers voice concerns over cybersecurity plan
Members of the House of Representatives sought details, on Thursday, of a $30 billion plan to secure federal government systems and upgrade network defenses to ward off attacks from foreign nations and online criminals.
Citigroup to pay $1.6 billion to settle Enron claims
NEW YORK (Reuters) - Citigroup has agreed to pay Enron Corp creditors $1.66 billion as the final part of a settlement of a lawsuit over banks' responsibility in the energy trading firm's downfall, a group representing creditors said on Wednesday.
NPR - Dodd Calls for Scrutiny of Bear Stearns Bailout
All Things Considered, March 26, 2008 · Sen. Christopher Dodd (D-CT) calls for hearings on the Federal Reserve's role in saving investment firm Bear Stearns.
InfoWorld.com - Top 10 Security Landmines
Companies can actually worsen their risks by failing to take these commonsense approaches to security.
ComputerWorld - Another Windows XP Reprieve Unlikely, Analysts Say
Microsoft may be set to extend Windows XP's availability in some cases, but it's not expected to give the aging operating system a general reprieve.
PCWorld.com - Viruses Expected to Hit 1 Million This Year
The total number of viruses will reach one million by year's end, according to security experts.
PCWorld.com - New Attack Kit Targets Bag of ActiveX Bugs
Hackers are using a new multiple-attack package composed of seven ActiveX exploits, many of them never seen in the wild before, a security company said on Friday.
The Street.com - Three Big Reasons to Go Paperless
It's not just good for the environment, it's good for your finances too.
NetworkWorld - U.S. cyber readiness lagging, panel says
Cybercriminals are becoming more sophisticated, more organized and more dangerous, according to security experts at this week's RSA show.
BBC News - Computer Viruses Hit One Million
The number of viruses, worms and trojans in circulation has topped the one million mark.
Wired.com - Zombie Computers Decried As Imminent National Threat
Gangs of thousands of zombie home computers grinding out spam, committing fraud and overpowering websites are the most vexing net threat today, according to law enforcement and security professionals.
CFO.com - FEI on Data Tagging: No Benefit to CFOs
Companies participating in the XBRL voluntary program have seen no improvements to their internal operations, according to Financial Executives International.
PCAOB Pings Grant Thornton on Lax Testing
In its latest inspection report on the second-tier firm, the auditor watchdog notes several instances of insufficient probing.
Information Week.com - Don't Let Tech-Savvy Business Execs Do An End Run Around IT
Interesting article that illustrates the need for a strong but flexible control structure in today's technology-savvy marketplace.
Wall Street Journal.com - Security is No Match for Chocolate and Good Looking Women
People are too trusting, especially when there’s chocolate on the line. A survey out today by the organizers of the tech-security conference Infosecurity Europe found that 21% of 576 London office workers stopped on the street were willing to share their computer passwords with a good looking woman holding a clipboard. People were offered a chocolate bar in exchange for the information. More than half of the people surveyed said they used the same password for everything.
NY Times.com - In Pellicano Case, Lessons in Wiretapping Skills
Wiretapping is really, really easy. And not just for the government. Anyone sitting in on the Pellicano trial (and staying awake during the telecom testimony) could walk away ready to intercept phone calls after a quick stop at RadioShack for less than $50 in equipment.
CFO.com - Auditor Angst
Want faster, cheaper audits? Your auditor humbly suggests you avoid last-minute data dumps and other less-than-helpful practices.
WindowsSecurity.com - Top 10 Security Settings After Installing Active Directory
Great how-to on the top 10 security settings for Active Directory.
NetworkWorld.com - Parasitic Botnet Spams 60 Billion a Day
The Srizbi botnet has stormed over its competition to become the Internet's biggest spammer. Researchers claim the botnet is responsible for 50% of all spam, and is the biggest of its kind in history.
CFO.com - When CFOs Are Suddenly Put In Charge Of IT
When CFOs are suddenly put in charge of IT, how do they get up to speed?
NPR.com - E-Mail, the Workplace and the Electronic Paper Trail
E-mail and other electronic communications have dramatically changed the contemporary legal landscape.
PCWorld.com - One in Three IT Staff Snoops on Colleagues
One in three IT professionals abuses administrative passwords to access confidential data such as colleagues' salary details and personal emails.
CFO.com - Small Co. Reprieve: Sarbox Deadline Delayed
Smaller companies get a one-year compliance extension on Sarbox 404(b).
CFO.com - Less Bleeding, More Edge - Curbing IT Spending
Runaway IT spending is out, creative cost control is in.
NetworkWorld.com - Seven steps to disaster-recovery planning
Unpredictability is a fact of life. Whether terrorist attacks, cataclysmic weather or simply a backhoe severing a power cable, enterprises never know when their operations may be threatened. But mitigating the consequences of disasters need not be a matter of worry and guesswork. Here are seven steps to effective business-continuity/disaster-recovery (BCDR) planning that will provide some practical guidance.
Yahoo Tech - Majority of Banking Web Sites Found Insecure
A new study from the University of Michigan has found that more than 75 percent of banking websites are not completely up to snuff when it comes to security.