Is your organization vulnerable to a security breach or regulatory action because of its inaccurate time-setting practices?
Too often we take time for granted. Yet, it's critical to securing our operations and validating the integrity of our data - especially in the event of a security breach or a legal action. Register for this session to learn:
- The greatest regulatory and legal risks re: time;
- Where to find your greatest exposures;
- How to establish a compliant, accurate time-setting practice.
Your organization's time-keeping practices are essential for the creation and maintenance of accurate, compliant and provable electronic data. If the timestamps in your data records are not reliable:
- Your transaction processing applications will fail;
- Forensics and audit log management will become a nightmare;
- You may run afoul of regulatory and industry requirements; and
- Courts may reject your electronic data as inadmissible.
Time is a major component in complying with the Payment Card Data Security Standard ("PCI DSS") as well as the Financial Industry Regulatory Authority Order Trail Audit System ("FINRA OATS").
Time also plays a major role in addressing the FFIEC's objectives for the integrity of data and accountability ("FFIEC Information Security Examination Handbook," p.6).
Yet for all time's importance, we understand little about how our systems actually generate and maintain time, or about the significant deficiencies in most time practices.
For example, as a compliance officer, would you accept a critical business process that was supported by a third party that refused to be audited or enter into a service level agreement?
- What if there was no way to even verify the identity of the third party that provided the critical support?
- What if one of your critical systems accepted input from several company locations and external partners across multiple time zones and it was practically impossible to determine the actual time of day on the various time stamps?
- What if one of your systems was dependent on a single source for critical data and no automatic failover process or backup strategy existed?
Most people would be surprised to learn that these problems are common in the vast majority of businesses with respect to how they manage time.
This webinar provides an introduction to how digital time is communicated and maintained in electronic commerce, the various sources for time and the significant vulnerabilities in the existing time practices used in most companies. The presentation will give you detailed recommendations for how to address these vulnerabilities and the basic components for a compliant time-keeping practice.
Former Dir. Information Security Risk Management, First Republic Bank
Bill Sewall is an information security, compliance and risk management specialist with 30 years' experience as a corporate attorney and general counsel, CIO, information security officer, and operational risk manager.
Prior to First Republic Bank, Sewall spent 10 years as a senior executive information security officer in Citigroup, including management of the IS training and awareness program and responsibility for the Citigroup IS Policy and Standards.
Over the course of his career as a business manager, he has built data centers, led development and systems groups and managed audit and assessments in such areas as GLBA, SOX and Basel II.