Last week I had a post that in the early 80s, the state-of-the-art was starting to handle a lot of "insider" fraud with things like roles .... and then there was starting to be problems with "collusion" ... so there were starting to be some number of collusion countermeasures.
http://www.garlic.com/~lynn/2008b.html#26
and things are still waiting to get back to the what the state-of-the-art was working on 25yrs ago.
recent comment on this particular topic
http://www.garlic.com/~lynn/2008b.html#82
re:
http://www.garlic.com/~lynn/aadsm28.htm#13
There are all sorts of barriers to introducing new systems ... frequently involving disastrous past attempts. I've pontificated recently about disastrous, ill-fated attempt to deploy consumer chipcard operation with personal readers early in the decade and the chilling aftermath on any further attempts.
A lot of the current "online" transaction infrastructures started out as purely batch operations. In the 70s&80s, many of these infrastructures added front-end transaction interfaces ... but still relied on batch to complete the operations (commonly associated with "settlement") in what frequently came to be known as "overnight batch" windows.
In the 90s, there were billions spent on failed attempts to upgrade these facilities ... frequently with "object" oriented and parallelized implementations for something called "straight through processing" ... to eliminate the increasing bottleneck of the overnight batch window (globalization was decreasing the size of the window and any workload increase was frequently banging up against the limits of the window).
recent references
http://www.garlic.com/~lynn/2008b.html#3 on-demand computing
http://www.garlic.com/~lynn/2008b.html#74 Too much change opens up financial fault lines
I'm still puzzled where the system spending has gone though. For the past ten years, at every financial services event I've been to, bank guys have been complaining that they have no money for innovative new systems because all the money is going on compliance. They can't possibly have wasted all of the money on management consultants: some small fraction must have eventually gone on some actual controls. Somewhere in SocGen there must have been a line of code like "if value-at-risk > banks-total-capitalisation then sound-alarm" or something.
Posted by Dave Birch at January 26, 2008 05:25 PMDave Birch wrote:
> I'm still puzzled where the system spending has gone though. For the
> past ten years, at every financial services event I've been to, bank
> guys have been complaining that they have no money for innovative new
> systems because all the money is going on compliance. They can't
> possibly have wasted all of the money on management consultants: some
> small fraction must have eventually gone on some actual
> controls. Somewhere in SocGen there must have been a line of code like
> "if value-at-risk > banks-total-capitalisation then sound-alarm" or
> something.
re:
http://www.garlic.com/~lynn/aadsm28.htm#13 Break the rules of governance and lose 4.9 billion
http://www.garlic.com/~lynn/aadsm28.htm#14 Break the rules of governance and lose 4.9 billion
i was at a financial conference in europe a couple of yrs ago ... one
of the main topics was that sox compliance costs was starting to creep
into european companies (and some companies were starting to move off
american exchanges attempting to avoid sox compliance)
i took the position that much of sox was more of the same kind of
auditing ... and there was a lot of fraud which was getting by the
kind of auditing ... and more of the same kind of auditing wasn't
going to catch it; it was going to require different approaches.
a couple recent articles on the socgen subject:
Government report alleges risk and security failures at SocGen
http://www.finextra.com/fullstory.asp?id=18037
Neglected IT Tasks May Have Led to Bank Meltdown
http://www.pcworld.com/businesscenter/article/142137/neglected_it_tasks_may_have_led_to_bank_meltdown.html
Poor password management may have led to bank meltdown
http://www.infoworld.com/article/08/02/04/Poor-password-management-may-have-led-to-bank-meltdown_1.html
and some related comments
http://www.garlic.com/~lynn/2008c.html#76
misc. past posts mentioning sox:
http://www.garlic.com/~lynn/aadsm19.htm#10 Security as a "Consumer Choice" model or as a sales (SANS) model?
http://www.garlic.com/~lynn/aadsm22.htm#26 FraudWatch - Chip&Pin, a new tenner (USD10)
http://www.garlic.com/~lynn/aadsm23.htm#10 PGP "master keys"
http://www.garlic.com/~lynn/aadsm25.htm#12 Sarbanes-Oxley is what you get when you don't do FC
http://www.garlic.com/~lynn/aadsm25.htm#13 Sarbanes-Oxley is what you get when you don't do FC
http://www.garlic.com/~lynn/aadsm25.htm#14 Sarbanes-Oxley is what you get when you don't do FC
http://www.garlic.com/~lynn/aadsm25.htm#15 Sarbanes-Oxley is what you get when you don't do FC
http://www.garlic.com/~lynn/aadsm25.htm#26 Fraudwatch - how much a Brit costs, how to be a 419-er, Sarbanes-Oxley rises as fraud rises, the real Piracy
http://www.garlic.com/~lynn/aadsm25.htm#43 Audit Follies - Atlantic differences, branding UnTrust, thunbs on Sarbanes-Oxley, alternates
http://www.garlic.com/~lynn/aadsm26.htm#2 Audit Follies - Atlantic differences, branding UnTrust, thunbs on Sarbanes-Oxley, alternates
http://www.garlic.com/~lynn/2006h.html#33 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#58 Sarbanes-Oxley
http://www.garlic.com/~lynn/2006i.html#1 Sarbanes-Oxley
http://www.garlic.com/~lynn/2006j.html#28 Password Complexity
http://www.garlic.com/~lynn/2006o.html#35 the personal data theft pandemic continues
http://www.garlic.com/~lynn/2006u.html#22 AOS: The next big thing in data storage
http://www.garlic.com/~lynn/2007b.html#63 Is Silicon Valley strangeled by SOX?
http://www.garlic.com/~lynn/2007j.html#0 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007j.html#74 IBM Unionization
http://www.garlic.com/~lynn/2007j.html#75 IBM Unionization
http://www.garlic.com/~lynn/2007o.html#0 The Unexpected Fact about the First Computer Programmer
http://www.garlic.com/~lynn/2007r.html#61 The new urgency to fix online privacy
http://www.garlic.com/~lynn/2008.html#71 As Expected, Ford Falls From 2nd Place in U.S. Sales
http://www.garlic.com/~lynn/2008.html#78 As Expected, Ford Falls From 2nd Place in U.S. Sales