1. Wachovia did a great job working with what they had and becoming the fourth-largest financial service company in the United States and the third-largest brokerage firm in the country. It is easy to tell from the case study why the company became so successful. First, they stated that the business executives are making decisions based on what they need to do. This is important because they are not worried about how much work it will take; they are just making sure that things get done. The company did not spend more than they needed to. They made CAS less expensive than the alternative, which allowed for more leverage, which is important for companies. This will help the company not become bankrupt by needing to sell at a lower cost. Wachovia Bank was not afraid of growing. They continued to merge with other banks in order to help the company grow. They also opened up and added a retail brokerage business, which opened many doors for them. They make the investments that they need to in technology in order to keep all of the users’ information safe and secure.
Wachovia’s CAS: Harnessing the Value of Multiple Content Repositories Across a Large Enterprise. (n.d.). Retrieved from http://gilbane.com/case_studies_pdf/CTW_Wachovia_Final.pdf#_Toc88022904
2. Compliance management is a task that is relatively daunting for any individual. With so many variables coming into play, it can be difficult to implement properly. In the case of being a CISO for a financial company, those variables increase dramatically because of the additional regulations in place such as the Gramm-Leach-Bliley Act. I would approach this scenario using the 7 steps recommended by Michael Rasmussen: Document the policy, assign oversight, personnel screening and access control, training to ensure compliance, perform regulatory audits/monitoring, enforce the control environment, and respond to incidents and gaps in IT controls (Rasmussen, 2006). Each of these steps provides the necessary framework to implement a sound compliance management program along with its maintenance.
Regulations that impact the organization include both the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act of 2002. Both directly affect the banking industry and the way information is handled. I would recommend a compliance tool; I like the MasterControl Compliance tool. This tool provides sound compliance and audit management, which are two steps of the aforementioned 7-step plan. Justification for cost simply boils down to how much ROI this tool can return. In this case, their average ROI within 12 mos. is 160%. Of course, we would have to punch those numbers in ourselves to determine our ROI, but with big companies such as Qualcomm and Johnson & Johnson using this tool, it's safe to say this may be an appropriate purchase.
MasterControl. (2016). Make Compliance a True Competitive Advantage for Your Business. Retrieved March 29, 2017, from http://www.mastercontrol.com/capterra/?source=cap-qms-comp-lp1
Rasmussen, M. (2006, March 1). 2006 7 Steps to a Highly Effective IT Compliance Program. Retrieved from https://iaonline.theiia.org/7-steps-to-a-highly-effective-it-compliance-program