Comments
Catch Me if You Can: Risk Hidden in Plain Sight
Becca L,
User Rank: Author
7/31/2014 | 5:14:08 PM
Re: Scary


This article is rather scary, and to Ivy's point, at WS&T we cover great enhancements in this area all the time, but there are a lot of corners of the offices that have been overlooked by both us and the firm! Somewhere at a major firm, right now, someone is keying away into a TI trying to hit a deadline.



 
IvySchmerken,
User Rank: Author
7/21/2014 | 1:50:41 PM
Re: Scary
It is scary to think that risk management was in the hands of a basic calculator, but then Mitchel upgraded to the IBM XT and VisiCalc, which was state of the art at the time. Fast forward to today and banks have very sophisticated software to monitor risk in real time, at a point when markets are moving much faster and with exponential volumes of data. But it sounds like the gaps are in the surrounding departments - legal, compliance, marketing, sales. Since we endlessly write about compliance systems and CRM, I thought these areas had gone somewhat electronic.
Greg MacSweeney,
User Rank: Author
7/21/2014 | 6:28:07 AM
Scary
Mitchel, great back story on how quickly risk has gone from a back office afterthought to something that all firms should be thinking about right from the start of the trade. It's scary to think that large banks were "guesstimating" risk for years and the only tool they were using was an HP 12c.

 

HP 12c Calculator
IvySchmerken,
User Rank: Author
7/19/2014 | 2:28:42 PM
Re: Opportunities in plain sight as well...
This is very interesting, Perry. I didn't realize that structural changes in a financial filing as compared to industry peers can merit further analysis and can point to hidden risks. It seems like the amount of space devoted to discussion of certain items can be as informative as the actual data.
pbeaumont,
User Rank: Apprentice
7/18/2014 | 11:08:29 AM
Re: Opportunities in plain sight as well...
Sometimes the more interesting elements relate not so much to the particulars of content (though the evolution of financials and related specifics are certainly worth monitoring) but rather the structure of documents.  For example, how much space is a firm devoting to management discussion and analysis (MD&A), and what level of detail is being provided on current or forward looking risks relative to peer group? Also of interest is the pattern of filings, such as whether a firm is timely or late, or if a filing is subsequently amended. There is also the consideration of non-financial elements like abrupt changes in management, auditors, accounting methods, and so forth.
IvySchmerken,
User Rank: Author
7/18/2014 | 9:24:45 AM
Re: Opportunities in plain sight as well...
Thanks for your comments, Perry. Reading the footnotes in 8k and 10k reports has proven to be very valuable. Wasn't it Enron that buried its holdings of OTC derivatives in the footnotes? But this type of granular analysis can be very time consuming and many people probably don't do it. As you point out, XBRL can help firms mine thousands of data points. What kinds of nuggets are you finding buried in these data elements?
pbeaumont,
User Rank: Apprentice
7/17/2014 | 5:44:22 PM
Opportunities in plain sight as well...
Just as Mitchel correctly states that many risks can be avoided by digitizing paper documents, there are many opportunities that can be captured with a methodical analysis of financial documentation as well.  Nearly one in five public company documents filed with the SEC are subsequently amended, and all manner of key data are embedded within footnotes, fine print, and cross-referencing resources (as with "incorporation by reference").  Our research shows there are appreciable rewards that can be achieved with a proper mining of relevant data elements, especially today when public firms are required to file information using machine readable formats (XBRL and other), which in turn facilitates the analysis of thousands of datapoints at a time.    

Perry Beaumont, Ph.D.

