Risk Based Enterprise Compliance Programs
By Thomas R. Fox, Attorney at Tom Fox Law
A recent benchmarking survey of Third Party Codes of Conduct was conducted by the Society of Corporate Compliance and Ethics (SCCE) and reported on by Rebecca Walker. The findings indicated that a majority of companies with an otherwise robust compliance program do not extend this to third parties with which they conduct business. For those companies who now desire to evaluate their third party business partners for Foreign Corrupt Practices Act (FCPA) compliance, how and where do they begin?
Relationships with Foreign Business Partners
By Thomas R. Fox, Attorney at Tom Fox Law
There are several critical components in the selection, use and retention of any Foreign Business Partner, such as agents, resellers, joint venture partners or distributors. The due diligence process should contain, at a minimum, inquiries into the following areas…
Resellers and Distributors Under the FCPA
By Thomas R. Fox, Attorney at Tom Fox Law
The landscape of the Foreign Corrupt Practices Act (FCPA) is littered with cases involving both agents and resellers, as they are the most clearly acting as representatives of the companies whose goods or services they sell in foreign countries. However, many US businesses believe that the legal differences between agents/resellers and distributors insulate them from FCPA liability should the conduct of the distributor violate the Act. If you have a distributor, it must be subjected to the same FCPA scrutiny and management as an agent, reseller or joint venture partner…
Changes in Law for FCPA Ethics Compliance
By Thomas R. Fox, Attorney at Tom Fox Law
These changes to the Sentencing Guidelines should be monitored closely by companies as they represent significant amendments to the Sentencing Guidelines. It appears that the Department of Justice is moving to force companies to place compliance and ethics in a higher profile within their organizations and not simply to pay lip service, along the lines of “we have a code of ethics and act responsibly”…
The FCPA Role In International Acquisitions
By Thomas R. Fox, Attorney at Tom Fox Law
The recession has lessened and all that cash your Company has been hoarding for the rainy days of the Obama years is burning a hole in your CEO’s pocket. He has his powder dry and is ready to make a big bang by going on a buying spree, targeting overseas entities, to beat the competition in coming out of your industry’s downturn. An initial inquiry should be made into the ownership structure of the target company. If any portion of the entity is owned or held by a government or governmental entity then such an entity is covered under the FCPA as a foreign governmental instrumentality…
ISAlliance Briefs Homeland Security Panel
From The Internet Security Alliance
Internet Security Alliance (ISA) President Larry Clinton will describe the progress being made in the joint ANSI/ISA project to develop an enterprise-wide cybersecurity framework on Wednesday afternoon at the 8th Plenary of the Homeland Security Standards Panel in Washington, DC.
Clever SQUID Proxy Defense Against DDoS
By Richard Stiennon, Chief Research Analyst, IT-Harvest
The US Defense Information Systems Agency announced that it is going to release a Request For Information this month. Anyone responding to DISA’s RFI would do well to study the methodology that Barrett Lyon describes using the open source SQUID proxy and caching server. The technique spelled out by Barrett involves putting a bank of high-end servers running SQUID in front of the potential targets.
Cyber Defense Defined in Weekly Newsletter
By Richard Stiennon, Chief Research Analyst, IT-Harvest
Why cyber defense? How is this different than “security”? The difference is in motivation, purpose, and risks. Announcing the birth of Cyber Defense Weekly, a newsletter created to give participants in this new category a comprehensive summary of the week’s news, product announcements, and escalations in cyber threats.
DHS Open Request For Information (RFI)
From The Internet Security Alliance
The RFI is classified, but in general terms, it seeks information on prospective technical, end-to-end solutions that will help to protect the federal (.gov) cyber domain, and to facilitate cybersecurity improvements affecting the private sector. Registration will remain open until July 22, 2009.
Industry Coalition Develops S-CAP for VoIP
From The Internet Security Alliance
The OMB has already mandated to federal CIOs that “Information technology providers must use S-CAP validated tools, as they become available, to certify their products do not alter the Federal Desktop Core Configurations, and agencies must use these tools when monitoring use of these configurations.”


