Compliance is not enough
The demands of regulatory compliance are among the factors driving IT and security managers within large organisations to improve their user-access governance processes, but the issues are broader and deeper than any regulations - and more serious than many senior executives think. The recent scandal at Societe Generale offers lessons from which every chief risk officer, chief information officer and chief security officer should learn, writes Brian Cleary
Risks related to unauthorised or inappropriate access to information resources can appear anywhere within an organisation at any time and spread rapidly through the business. All it takes is a single person with the wrong access. Such events range from minor policy and compliance violations to major operational failures with substantial financial, legal and reputational consequences.
While user access risk cannot be entirely eliminated, it can be monitored, managed and mitigated through a sound
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Buy side would welcome more guidance on managing margin calls
FSB report calls for regulators to review existing standards for non-bank liquidity management
Japanese megabanks shun internal models as FRTB bites
Isda AGM: All in-scope banks opt for standardised approach to market risk; Nomura eyes IMA in 2025
Benchmark switch leaves hedging headache for Philippine banks
If interest rates are cut before new benchmark docs are ready, banks face possible NII squeeze
Op risk data: Tech glitch gives customers unlimited funds
Also: Payback for slow Paycheck Protection payouts; SEC hits out at AI washing. Data by ORX News
The American way: a stress-test substitute for Basel’s IRRBB?
Bankers divided over new CCAR scenario designed to bridge supervisory gap exposed by SVB failure
Industry warns CFTC against rushing to regulate AI for trading
Vote on workplan pulled amid calls to avoid duplicating rules from other regulatory agencies
Top 10 op risks: change brings challenges as banks splash the cash
Higher interest margins and a trend toward insourcing drive major tech projects
Top 10 op risks: deepfakes drive rise in fraud fears
External fraud re-enters top 10 as artificial intelligence provides new tools for criminals
Most read
- Top 10 operational risks for 2024
- Top 10 op risks: third parties stoke cyber risk
- Japanese megabanks shun internal models as FRTB bites