Tasks associated with SOX compliance continue to be significant

Only 46 percent of audit teams have been utilizing advanced technologies to optimize SOX compliance activities, a decrease from the previous year’s Protiviti survey findings.

SOX compliance challenges

The longstanding challenges associated with compliance with the Sarbanes-Oxley Act, such as the cost of compliance and reliance on time-consuming manual tasks, are being exacerbated by the COVID-19 pandemic, as finance and audit teams are required to perform audit tasks remotely.

“The tasks associated with SOX compliance continue to be significant and time-consuming,” said Brian Christensen, executive vice president and global leader of Protiviti’s internal audit and financial advisory practice.

“The pandemic brings added burdens to the SOX compliance process, and it will be important for companies to reassess any temporary changes in control design and operation to ensure they continue to be aligned with their risk appetite as the business environment begins to normalize.”

SOX compliance hours increase

The survey revealed that the number of hours devoted to SOX compliance activities continues to rise, despite regulatory requirements remaining the same year-on-year.

Among companies that saw an increase in their SOX compliance hours, 67 percent reported the number of hours went up by more than 10 percent over the prior year, highlighting their lack of automation for simple functions. This finding can also be attributed to the increasingly more complex operations of modern companies.

Yet SOX teams that rely solely on spreadsheet and word processing applications, or legacy GRC (governance, risk and compliance) systems to manage their control environments, spend extensive time dealing with version control issues, manually making individual control changes across a dozen or so documents and preparing status reports.

While RPA (robotic process automation), GRC, data analytics and advanced technology tools would better enable SOX work to be performed more efficiently and effectively, many companies surveyed expressed reluctance about embracing centralized control testing and increasing their use of automation.

Leveraging technology

However, companies are starting to take notice, with a quarter of those who do not currently utilize technology tools in their organization’s SOX compliance process responding that they plan to do so in the next fiscal year and 48 percent responding that they plan to do so within two years.

Among the survey respondents already leveraging technology in their organization’s SOX compliance process, it is most frequently applied in testing the accounts payable process (48 percent), financial reporting process (43 percent) and account reconciliations process (43 percent).

“The current pandemic is a vivid reminder of how important it is for audit leaders to be resilient, adapt to unexpected and disruptive events and ensure they can complete SOX compliance activities even when they are dispersed and working offsite,” said Chris Wright, a Protiviti managing director and leader of the firm’s Business Performance Improvement practice.

“Now is the time to address longstanding industry resistance to using technology and automation that has been holding back the evolution of compliance teams for years.”

Source: https://www.helpnetsecurity.com/2020/06/03/sox-compliance-activities/

Ringzer0 Announces “Virtual Vegas,” A Hands-On Offensive Security…

Virtual Vegas is exclusively focused on hardcore technical training in offensive security skills that matter to real security professionals, from corporate network defenders to pen-testers, red teams and vulnerability researchers.

Ringzer0 Training, the leading provider of advanced cybersecurity training, announces the opening of registration for Virtual Vegas, an intense two-week hands-on training event (July 31 – August 13, 2021) that covers a variety of important offensive security skills, including hacking automotive systems, IoT, Windows Internals and RISC-V, plus cryptography attacks, malware reversing and much more.

“As with all of our Ringzer0 events, Virtual Vegas is exclusively focused on hardcore technical training in offensive security skills that matter to real security professionals, from corporate network defenders to pen-testers, red teams and vulnerability researchers,” said Saumil Shah, co-founder of Ringzer0 Training. “Unlike many of the more mainstream infosec conferences which tend to water down their training classes in order to appeal to a broader audience, our training remains completely focused on advanced topics and intense, hands-on-keyboard training, so that students can get past the learning curve and build up skills quickly that they can deploy in the field by the end of the class.”

Ringzer0 Training is designed for cybersecurity professionals who would rather forgo the traditional conference experience – high-level talks, speaker panels, sponsored presentations, networking sessions – to focus only on what matters most: hardcore offensive skill-building.

TRAINING CLASSES:

Virtual Vegas includes 19 deep-dive training courses, which cover a wide range of critical subjects for infosec professionals. Trainings are delivered in a combination of live instructor-led lectures and self-paced hands-on exercises, complete with regular instructor office hours, an active Discord channel for group discussion and instructor/teaching-aide Q&A and support. Ringzer0 has also adjusted the live portions of the training classes to better accommodate students in different time zones around the world. All trainings are taught by leading industry experts, including many former members of military and government agencies.

Here is the full list of Ringzer0 training courses at Virtual Vegas:

[+] Windows Internals for Reverse Engineers – taught by Yarden Shafir, software engineer at Crowdstrike and formerly with the Israel Defense Forces (IDF)

[+] The ARM IoT Exploit Laboratory – taught by Saumil Shah, founder/CEO of Net-Square

[+] Reverse Engineering with Ghidra – taught by Jeremy Blackthorne, president of the Boston Cybernetics Institute (BCI) and formerly with the US Marine Corps

[+] Cryptography Attacks & Defense, Reloaded – taught by Dr. Jean-Philippe Aumasson, co-founder/CSO of Taurus, and Dr. Philipp Jovanovic, an associate professor at University College London

[+] TEEPwn: Breaking Trusted Execution Environments – taught by Cristofaro Mune and Niek Timmers, co-founders of Raelize

[+] WebAssembly Security – taught by Patrick Ventuzelo, independent security researcher and formerly with the French Ministry of Defense

[+] Reign in the Cloud: AWS Edition – taught by David Mound, founder/CTO of Merimetso and formerly with the Royal Navy

[+] Advanced Active Directory Exploitation – taught by Sergio Lazaro and John Intridis, security analysts at SensePost

[+] Advanced Malware Analysis & Reverse Engineering – taught by Dr. Josh Stroschein, assistant professor at Dakota State University

[+] IPv6 Network Security with Scapy – taught by Guillaume Valadon, head of security for Netatmo and formerly with the French National Agency for the Security of Information Systems (ANSSI)

[+] Embedded Automotive Security: A Hands-On Introduction – taught by Ralf-Philipp Weinmann, founder/CEO of Kunnamon, and Benedikt Schmotzle, offensive security researcher at Comsecuris

[+] Inside RISC-V: Analysis and Exploitation – taught by Don Andrew Bailey, founder/CEO of Lab Mouse and chair of the RISC-V Security Response Team

[+] Mastering Ghidra: Automation and Scripting for Reverse Engineering – taught by Jeremy Blackthorne

[+] iOS 14 User Space Exploitation – taught by Stefan Esser, CEO of Antid0te UG

[+] Electron Security: Threat Modeling, Vulnerability Research and Exploitation – taught by Luca Carettoni, co-founder of Doyensec

[+] Advanced Binary Diffing with Diaphora – taught by Joxean Koret, independent security researcher and reverse engineer

[+] Automated Program Analysis Using Machine Learning – taught by Hahna Latonick, director at Siege Technologies and formerly with the US Department of Defense

[+] Q Division: Hardware Tools for Close Quarter Hacking – taught by Rogan Dawes, security researcher at SensePost

[+] Reverse Engineering Modern Android Malware – taught by Axelle Apvrille, principal security and anti-virus researcher at Fortinet

WOMEN IN CYBERSECURITY SCHOLARSHIP FUND:

As part of Ringzer0’s ongoing effort to support diversity in the cybersecurity industry, the organization is again teaming up with RiskRecon, a MasterCard company, to offer free offensive security training to women from around the world.

The “Ringzer0 RiskRecon Women in Cybersecurity Scholarship Fund” will award eight scholarships to qualified female applicants for Virtual Vegas. The goal of this program is to further the opportunities for women in cybersecurity, support their professional development and educational goals, and help them thrive in the industry.

For more information about Virtual Vegas training sessions, scheduling and scholarships, visit https://www.ringzer0.training.

ABOUT RINGZER0 TRAINING:

> Ringzer0 Training is offensive security done right. We provide advanced, hands-on training designed for cybersecurity professionals. Our instructors are top industry experts who offer technical deep dives into a range of core issues, including vulnerability research, exploitation, malware writing, red teaming and practical attacks. Each class is laser-focused on a specific topic, to pack in as much learning, hands-on experience and trainer facetime as possible. Forget about crowded classes offering basic-level instruction: Ringzer0 gets students past the learning curve in a 16- or 32-hour advanced course, using a hybrid live instructor-led and self-paced learning format to fit individual schedules and avoid screen fatigue and Zoom burnout. Visit us at https://www.ringzer0.training or follow us on Twitter at @_ringzer0.

Media Contact for Ringzer0:

Michael Sias

Firm 19

inquiry@firm19.com

954-361-3963

Source: https://www.prweb.com/releases/ringzer0_announces_virtual_vegas_a_hands_on_offensive_security_training_event_this_summer/prweb17872547.htm

ASPG, Inc. Announces ReACT MG, Innovative Password Reset Tool Now…

ReACT MG provides a trifold solution by enforcing access management and security protocols, taking a workload off the helpdesk, and providing round-the-clock password reset capabilities.

Advanced Software Products Group, Inc. (ASPG) has announced the release of ReACT MG, its enterprise self-service password reset and synchronization solution, which is now available through the General Services Administration (GSA).

Government departments consist of hundreds of end-users using even more software applications, requiring access to sensitive data that must be protected according to strict policies, resulting in an endless number of login credentials to remember. ReACT MG was designed with this in mind, allowing end-users to reset their passwords to a permanent value in four simple steps – all without needing to burden the help desk.

By offering the tool through GSA, ReACT MG is now available to the many government agencies that need a software solution to reduce the workload of the helpdesk and assist end-users with independent password resets. ReACT MG provides a trifold solution by enforcing access management and security protocols, taking a workload off the helpdesk, and providing round-the-clock password reset capabilities.

ReACT MG has been specially designed with federal agencies in mind. Government-specific features include all stored information being encrypted, customizable scripts and APIs being provided for free to support complex environments with a variety of applications and systems, enforcement of current security controls and policies, and strong authentication methods with the ability to group users based on role-based access. A Microsoft-certified product, ReACT MG can leverage PIV, CAC and Biometrics in addition to AD credentials for Helpdesk and Administration portals.

ReACT MG is under continual development, with new versions released regularly. The ReACT MG support team is available 24 hours a day, 7 days a week. Interested parties can read more about ReACT MG via ASPG’s website at http://www.aspg.com/react. Free trials of the software are also available. To learn more, contact the ASPG sales team by phone at 800-662-6090 (toll-free) or 239-649-1548 (US/International) or email at aspgsales@aspg.com.

ABOUT ADVANCED SOFTWARE PRODUCTS GROUP

ASPG is an industry-leading software development company with IBM, Microsoft and GSA certifications. For nearly 30 years, they have been producing award-winning software for data centers and mainframes, specializing in data security, storage administration, and system productivity, providing solutions for a majority of the global 1000 data centers.

Source: https://www.prweb.com/releases/aspg_inc_announces_react_mg_innovative_password_reset_tool_now_available_through_gsa/prweb17872792.htm

Cedalo releases new Version 2.3 of the No-Code Platform Eclipse…

“For many of our users, we want to make this even easier. With our no-code platform Streamsheets, we want to address users who do not have in-depth IT know-how,” explains Philipp Struss, CEO of Cedalo AG.

Cedalo, the company behind the two Eclipse open source projects Mosquitto and Streamsheets, has recently released Streamsheets version 2.3. The release focuses on interoperability and integrations. New crypto features enable the secure transfer of sensitive data between applications. Additional cell functions facilitate the work of streamsheet creators, e.g. to convert data from JSON to XML. The release is rounded off with additional wizards that make graphs easier to set up. The new chart type “Map” allows the display of any data on country and regional maps.

In Streamsheets, external services can already be controlled via HTTP request functions. “For many of our users, we want to make this even easier. With our no-code platform Streamsheets, we want to address users who do not have in-depth IT know-how,” explains Philipp Struss, CEO of Cedalo AG. “Consequently, we will now step by step offer cell functions that directly exchange information with third party systems using no more than simple spreadsheet formulas.” In a first step, it is now possible to send text messages directly from a Streamsheets cell. Likewise, further integration functions can determine geodata for locations or obtain weather data and forecasts for a location.

Streamsheets is aimed at professional users who need to monitor, transform, and display continuously incoming data (“streaming data”) in real time in their business and production processes. In this no-code environment, business users can map their processes using spreadsheet logic without having to know how to program. The onboarding of new users has been further simplified, too: Streamsheet templates are now available on https://cedalo.com/resources/streamsheets-apps-templates/. Each user can drag and drop these directly onto their Streamsheets server. There, users can adapt the examples to their own needs.

Interoperability often requires that data sets be transformed. Streamsheets acts as a mediator between the (application) worlds and allows numerous data transformations. New in version 2.3 is the JSON.to.XML function. Both JSON and XML are very common formats when structured data needs to be passed between applications. The new function allows a quick and easy transformation between these two important formats.

Streamsheets 2.3 now includes a map-based chart. Analyses are very often done by regional categories, be it continents, countries or in some cases individual streets. In the “Maps” diagram, quantitative data can be assigned to places vividly using different map types. In addition, Streamsheets already supports a variety of X-Y diagrams and heatmaps, e.g. to display data on a grid map.

Eclipse Streamsheets can be downloaded from the official project page of the Eclipse Foundation. The complete package with Streamsheets 2.3 as well as the new MQTT broker Mosquitto 2.0 and the corresponding graphical Management Center 2.1 is available at https://cedalo.com/get-started-with-cedalo-real-time-platform/.

About Cedalo:

Cedalo AG is an IoT start-up based in Freiburg, Germany, that is truly devoted to Open Source: its products consist of Eclipse Foundation projects. Eclipse Streamsheets, the first product, is a no-code application platform which can easily subscribe and publish to data streams like MQTT or Apache Kafka. Business process users can build stream processing applications using a spreadsheet GUI and cell functions. A variety of diagram types provides fast dashboarding. Eclipse Mosquitto, the second product, is the most downloaded MQTT broker worldwide. Brokers orchestrate the data flow in modern IoT publish/subscribe architectures. Mosquitto excels in big installs on servers due to its efficiency in handling a large number of parallel connections. At the same time, its resource-friendly programming also makes it ideal for use on small ARM-based edge devices like the Raspberry Pi.

Press contact:

Stefan Loelkes, CRO

Phone: +49-1590-48 60 270

Email: stefan.loelkes@cedalo.com

Social media:

Web: https://www.cedalo.com

Linkedin: https://www.linkedin.com/company/cedalo-ag

Twitter: https://twitter.com/cedalo_com

Source: https://www.prweb.com/releases/cedalo_releses_new_version_2_3_of_the_no_code_platform_eclipse_streamsheets_to_target_direct_integration_of_3rd_party_applications/prweb17862324.htm

Smart Fintech obtains NBR authorization and becomes the first third party payment provider (TPP) through open banking in Romania

Smart Fintech announced today that they have officially received the authorization from NBR (National Bank of Romania), the regulatory authority, as a Payment Institution authorized to perform Payment Initiation Services (PIS). Thus, the start-up becomes the first open banking third-party provider (TPP) licensed in Romania.  

Smart Fintech is officially listed in the Payment Institutions Register held by the NBR and in the Register of payment and electronic money institutions under PSD2 of the European Banking Authority as a Payment Initiation Service Provider (PISP), with no. IP-RO-0011/02.04.2021.

“We are thrilled and proud to receive the authorization from NBR. It required a significant amount of effort from our side, but with a precious outcome: not only have we got the license we needed to become an active TPP in Romania, but the whole process made us analyze in-depth and in perspective all facets of our fintech’s future activities and, thus, we have managed to define a sound and solid framework for our business”, states Mihaela Georgescu, Co-founder of Smart Fintech.

The start-up went through a complex authorization process carried out in the last nine months, which required several stages, with rigorous analysis and extensive documentation of internal operations, to meet the rules set by the regulatory authority.

“I realized this is, actually, an essential exercise for any company with a new product or service, especially in the financial area. At the same time, I honestly say that I don’t know if we – or anybody else, had done that at the very beginning, by themselves, if not explicitly required in the authorization process. Thus, there might be a general opinion that the regulatory authority has set a high barrier for the players who want to benefit from PSD2. At the same time, I must say that – going through with the authorization process, we’ve come to understand the reason for all those “many” requirements and that was really eye-opening”, adds Mihaela Georgescu.

SmartPay is the fintech’s first Romanian authorized payment initiation service. It can be used either as an alternative to any online payment method (eCommerce payments, online bill payments etc.) or as a payment accelerator – integrated into any app managing financial resources (such as electronic invoicing, ERP, payroll, or personal finance management). Smart Fintech created SmartPay based on the Revised Payment Services Directive (known as PSD2).

The technology solution promises more transparency and speed in the online payments process. Beyond ease of integration and use, security is another fundamental principle that has underpinned its development. The security policy implemented ensures that partners and their customers are protected against payment risks, in particular against the risk of fraud and the illegal use of sensitive online payment data.

The ambition and commitment of Smart Fintech are to grow SmartPay to become an awesome online payment alternative and to create a frictionless and secure alternative to traditional payments. 

“The first local TPP license is a remarkable achievement, not only for Smart Fintech but for an entire fintech ecosystem having as mission the delivery of a new generation of financial products, services and experiences. It’s official: Romania is on the open banking map now”, states Ana Maria Georgescu, Sales & Marketing Manager at Smart Fintech.

Source: https://www.fintechnews.org/smart-fintech-obtains-nbr-authorization-and-becomes-the-first-third-party-payment-provider-tpp-through-open-banking-in-romania/
