ANX Corporate Blog


Posted December 09, 2010 9:16 am by Chris Noell

What 2011 Holds in Store for Your GRC Program – Five Predictions | Prediction #2

What does 2011 hold in store for your GRC program? My post on Tuesday, December 7th, defined my first prediction - Greater Focus on Risk Management Capabilities.

Read below for my second prediction for 2011 GRC programs.

Prediction #2 | Redeployment of Internal Resources

According to recent studies, risk and compliance functions spend the majority of their time on tactical administrative tasks. Indeed, studies show that as much as 62% of effort is spent on data collection versus 36% on analytics/risk mitigation, and 2% on other tasks. 

I’ve found that when tactical activities dominate a program, there are 3 main issues that arise – audit fatigue, low value outcomes, and low level of executive participation.

Audit fatigue: Let’s face it – facilitating an assessment...


Posted December 07, 2010 9:50 am by Chris Noell

What 2011 Holds in Store for Your GRC Program – Five Predictions | Prediction #1

It’s certainly not news that 2010 has been a tough year for organizations looking to establish and maintain an effective GRC program as they face the ongoing challenges of balancing GRC obligations with budget and resource constraints. In 2011, as the number of applicable regulations and standards increases and organizations look to protect themselves against security breaches, I expect the importance of GRC to increase in the coming year.

So, where should your organization start? Over my next five blog posts, I will share my five predictions for what 2011 holds in store for your GRC program.

Prediction #1 | Greater Focus on Risk Management Capabilities

Although many pundits have predicted more focus on risk management for years, in my discussions with clients, I haven’t...


Posted December 02, 2010 10:40 pm by Chris Noell

How easy is it to become PCI DSS Compliant?

As part of my daily ritual, I search security news for interesting articles to see how other organizations are approaching compliance and risk management.  I stumbled upon this article from – How Woolworths made IT risk a business issue – and there was a quote that stuck out:

"It's easy to become [PCI DSS] compliant, but it's really hard to maintain compliance," [Peter Cooper, Woolworths’ risk manager] noted. "You see regularly companies that have PCI breaches; it's the sustainability that's really important."

I think this is partially true. I disagree that becoming PCI compliant is easy. Becoming PCI DSS compliant is only easy if you designed your payments infrastructure to be PCI compliant from the beginning. When this is not the case, becoming PCI...


Posted November 29, 2010 10:18 am by Julie Pham

TruArx GRC Expert to Speak at MIS Training Institute GRC 2010 Conference

Steve Akers, Director of Managed Risk and Compliance Services, to join GRC thought leaders in the Next Generation of GRC Products and Services Panel Discussion

Farmington Hills, MI November 29, 2010 – TruArx®, a leader in cost-effective, easy-to-implement governance, risk and compliance (GRC) solutions, today announced that Steve Akers, director of managed risk and compliance services, will be speaking at the MIS Training Institute (MISTI) GRC 2010 Conference. Beginning November 30th at the Omni Berkshire Place Hotel in New York City, MISTI GRC 2010 is an exclusive two-day training conference covering essential components of a successful GRC strategy.

“Ensuring that security professionals are able to leverage the best tools and services in the marketplace to meet their...


Posted November 04, 2010 8:22 am by Barry Chapman

Google Buzz: I totally called that!

HA! Remember when I said that Google Buzz posed a serious privacy flaw? Well, on Tuesday I received an email from Google personally! (Along with several million other users):

Google rarely contacts Gmail [or any] users via email, but we are making an exception to let you know that we've reached a settlement in a lawsuit regarding Google Buzz, a service we launched within Gmail in February of this year.

Shortly after its launch, we heard from a number of people who were concerned about privacy. In addition, we were sued by a group of Buzz users and recently reached a settlement in this case.

The settlement acknowledges that we quickly changed the service to address users' concerns. In addition, Google has committed $8.5 million to an independent fund,...
