The document discusses risk management in companies. It provides questions for senior executives and IT executives about risks to the business from data security, regulatory compliance, and technological issues. It also summarizes statistics about the high costs of data breaches for companies and discusses how outsourcing some risk management functions can help companies focus on compliance in today's complex regulatory environment.

2. Understanding Risk Management “ The Process of identifying, categorizing, measuring, monitoring and mitigating risk in your Company”

4. Question for the Senior IT Executive Are your Data Sources Secure? What is the source of the information provided to Senior Management in your reports ? How reliable are these sources, how are they validated? When was the last time someone audited the information? Have you met with your people and are you sure that they clearly understands the potential risks associated with not protecting the confidentiality of information within the company systems? According to Deloitte Financial Advisory Services, 24.3 percent of survey respondents in 2009 indicated that they view the risk of a government investigation as being higher today than a year ago, yet only 20.8 percent of these executives say their organizations are “ very ready ” to handle a government or regulatory investigation. Worse: A 2008 study conducted by Aon Risk Services found that among 320 corporations in 29 countries, a shocking 42 percent of respondents identified risk only through intuition.

5. What we have Identified from working with our Customers: Many Business don’t understand how technology can be used. They don ’ t have a technology view of their business. IT is often accuse of not being business-focused , technology gets blamed for things that business people are not actually doing themselves. The management of strategic risk and regulatory compliance can not be delegated it must reside at the board level. The strategic importance of information and the nature of current business technologies have raised the stakes regarding the privacy, security and confidentiality of information. In particular, there is heightened sensitivity to safeguarding not just sensitive corporate transaction data, but also data about customers, employees and business partners. The pervasiveness of business technologies has made it far easier for unauthorized pilferage of such information and data. In addition, with heightened concerns about terror, regulations increasingly compel organizations to furnish more data than before.

8. Worldwide Laws and Regulations Increases Need for Protecting Data New, more prescriptive laws and regulations affording greater protection to personal information are based on the very real threats posed by identity thieves, scam artists and crooks who are stealing credit- and debit-card numbers, health plan data and bank account information and the like that reside in disparate databases and are transmitted over the Internet.

9. Two Main Watch Dog Organizations The two federal agencies with privacy and security laws that impact most U.S. organizations are the Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC). The HHS is pushing the health care industry to use electronic medical records (EMRs), health information exchanges (HIEs) and health information technology (HIT) to improve health care and reduce costs. Organizations that have health plans are affected by the privacy and security requirements of the Health Insurance Portability and Accountability Act (HIPAA), and they could potentially benefit from the use of EMRs, HIEs and HIT if health care costs are reduced. The FTC is the consumer watchdog agency that oversees a number of federal laws and regulations that protect personal information from inappropriate use or disclosure, enforce implicit and explicit privacy and security promises of organizations to consumers, and restrict how credit information may be used and disclosed. Both the HHS and the FTC have been busy on a number of fronts in 2008, including the following:

10. Recent Regulations • The FTC introduced the “Red Flags Rule” (meant to address red flags that are indicators of identity theft), which will go into effect on May 1, 2009. It requires creditors (and financial institutions through applicable regulatory agencies with a Nov. 1, 2008, date) to have identity-theft-prevention programs in place. The Red Flags Rule also requires boards of directors and senior management oversight of programs, as well as company oversight of third-party service providers. • The HHS stepped up enforcement of HIPAA security regulations that require security controls to protect electronic-protected health information. Additionally, it is moving from a solely complaints-driven process to one that is also proactive. • Different HHS entities are providing guidance and proposals that advance the use of EMRs, HIEs and HIT by the health care industry, and address related functionality, interoperability, and privacy and security issues. In 2008, certain states expanded the scope of information security breach notification laws (in effect in 44 states, the District of Columbia, Puerto Rico and the Virgin Islands) to include not only financial and other identifying information, but also medical information, as well as requiring notification in case of a breach when such information is unencrypted. Other states are now or will be requiring that certain personal

11. Phishing Targets: In 2008, financial institutions were unquestionably the dominant target of phishing e-mails. In the first half of 2009, financial institutions are still the number one target. Along with the decline in phishing and the change in phishing origins, the actual targets of phishing have changed significantly. Financial institutions now only represent 66.3 percent of the targets, allowing Online Payment institutions to consume 31.4 percent of the share. This change in percentage is not necessarily indicative of more phishing directed towards Online Payment organizations, but more accurately represents the decline in North American and European financial targets when it comes to phishing. The other 2.3 percent of phishing targets is comprised of other industries such as online auction Websites, communication services, and online stores : Phishing Targets by Industry, 2009 H1

12. Why Outsourcing all or part of Risk management can help their company remain compliant in today's world In addition to the complexities of an ever changing economy, the requirements to provide quicker, accurate information has come at a time when penalties for not protecting consumer data are sky rocketing as seen in the TJ Max court decisions. As a result companies are not properly organized within both business and IT to keep up with the almost daily mandates on data protection. When factoring the increased cost of new systems technologies, data integration requirements, and the growing costs of maintaining and educating an in-house staff, outsourcing risk analysis and management has become the logical choice. In the 2009 Accenture Global risk Management study, 63% of the 250 companies executives surveyed believed that some aspects of risk management can be outsourced to deliver better efficiencies .

13. Our Focus 1 Business Risk: This consists of actual threats to the organization, including its products, services, intellectual property and records. Business leaders must communicate to IT leaders what issues exist and where data might reside. 2 Technology Risk: It’s important to understand what pieces of information need to be protected in what way, so that an organization can build the right IT infrastructure 3 Legal/Regulatory Risk: An organization must establish processes and systems that match legal requirements, whether that involves an e-discovery system that must comply with an e-mail retention rule or storage and encryption standards for managing credit card data. 4 External Risk: IT must address all external threats related to data storage and retention, life-cycle management. IT needs to play a central role in protecting and disposing of data properly. Understanding Risk Enterprise risk management can touch all corners of an enterprise. However, governance, risk and compliance (GRC) typically addresses four primary challenges:

15. Strategema Has Selected Only The Best As Their Partner:

16. "Stratagema’s Channel Solutions Partner; IBM Internet Security Solutions Group ISS

17. Best Security Award SAN FRANCISCO, - 04 Mar 2010: IBM (NYSE: IBM ) today announced it has been named Best Security Company by SC Magazine. The award, recognizing IBM's leadership in IT and its outstanding security solutions, was presented yesterday at the SC Awards Gala, held in conjunction with the annual RSA Conference in San Francisco. For nearly 50 years, IBM has helped businesses and governments secure their critical infrastructures with solutions that go beyond just collections of niche products. IBM's customers rely on the most comprehensive security solutions and services addressing compliance mandates, applications, data, identity and access management, networks, threat prevention, systems security, email, encryption, virtualization and cloud security. "With the Best Security Company Award, our judges have recognized IBM as a leader in the constant battle to protect businesses, customers and data

20. Last Word on Reduced Risk, and Compliance There is no Guarantee that a company will remain compliant, with each new regulatory compliance adds another layer of IT risk. Businesses today must contend with an increasing number of government and non-government regulations. The risks of non-compliance are serious and can include fines often in the hundreds of millions of dollars, prosecution of key corporate officers, or loss of business when forced to shut down. But maintaining an effective data protection strategy is not just for the yearly audit, it must be incorporated into the highest levels of the business and it’s strategy, viewed by the company as an living ongoing project. The recent Data Breach of “ Heartland Payment Systems” echoed this throughout the payment card industry demonstrating even the most staunch supporter of PCI compliance can never let their guard down.

21. What Does This Mean to the Resnick Druckman Group LLC: Strategema Consulting will partner to make your data secure, so you in return will be able to assure your accounts that the same security measures you are recommending are part of normal operation procedures for your group: We will educate your people on the current security climate, new developments, white papers and webinars: Strategema Consulting will continue to grow and be your one stop source to present real world solutions to your clients: Strategema Consulting becomes an integrated resource to develop a risk management practice included as part of your accounting practice: Working with Strategema consulting provides both you and your accounts the premier Security solution supported by the largest provider IBM ISS: