Briefing: Governing risk management and compliance
Organizations can waste resources by not syncing risk management and compliance efforts. Here’s how to adapt risk management and stay compliant. AIOG
-
FAQ: How do corporate social media policies hold up against labor law?
Corporate social media policies are designed to protect against employees posting job complaints online, but cases show labor laws’ interpretation of these rules is fuzzy at best. FAQ
-
Do corporate social media policies hold up in court?
Corporate social media policies are designed to protect against employees posting job complaints online, but cases show labor laws’ interpretation of these rules is fuzzy at best. AIOG
-
Quiz: How are online security threats influencing business processes?
Businesses and their employees have proven vulnerable to the latest online security threats. Take our quiz to see if you’re ready to protect your business, and its bottom line. Quiz
-
FAQ: What is the Computer Fraud and Abuse Act?
The Computer Fraud and Abuse Act of 1986 was originally designed to combat hacking, but amendments that dramatically broadened its scope and penalties have drawn some criticism. Compliance FAQ
-
Guide to balancing risk management and compliance
Protection from risk does not equal compliance, and vice versa. Here are strategies for balancing the two to protect your company from all angles. AIOG
-
Up to speed on data security and privacy? Take our quiz to find out
Data breaches. Malware. Social media. These are just a few of the areas causing data security and privacy headaches. Take our quiz to see how aware you are of the latest trends. Quiz
-
FAQ: How will the Google settlement affect Internet advertising laws?
Google has agreed to a $500 million settlement for illegally assisting online pharmacies via its AdWords program. Here's why the Google settlement could have wider ramifications. FAQ
-
Emerging technology both a boon and bane to GRC strategy
Advanced technologies create more data than ever for companies to protect, but it's not all bad news. Here's why using the latest cutting-edge tools can help your GRC strategy. News | 14 May 2012
-
As GRC technology becomes more complex, so do buying decisions
The GRC technology market has become increasingly targeted but companies' buying decisions have not followed suit. How can you make sure you're getting the most bang for your buck? News | 14 May 2012
-
Governing the complications of social media security and compliance
Technology law expert Jeffrey Ritter discusses the obstacles to governing social media security in 21st century business and what companies can do to protect their information. News | 07 May 2012
-
Aruvio unveils new cloud GRC tool
GRC platform vendor Aruvio has rolled out AruvioGRC, describing the cloud-based tool as faster, cheaper and easier to use than conventional GRC software. Product Spotlight | 04 May 2012
-
Summit organizers promise real-world examples of leading GRC strategy
Presenters at the upcoming GRC Summit Boston preview what attendees can expect to learn about optimizing their GRC strategy in today's regulatory landscape. News | 27 Apr 2012
-
A bit late: Wal-Mart to name global compliance officer
Already neck deep in a Mexican bribery scandal, retail giant Wal-Mart now says it will name a global compliance officer to police the company. News | 24 Apr 2012
-
ISACA: Update to COBIT 5 governance framework maximizes IT assets
ISACA’s update to its popular COBIT 5 framework incorporates a business-wide approach the organization says helps enterprises maximize their information and technology assets. News | 23 Apr 2012
-
EU, US promise continued online data privacy dialogue
The E.U. and U.S. have announced a joint commitment to an online data privacy framework. How will it impact Internet-based international trade compliance? News | 20 Mar 2012
-
Excellence.gov proves innovation and compliance not mutually exclusive
The annual Excellence.gov Awards recognize the best service-enhancing government IT programs -- and the winners prove that innovation does not have to come at the expense of compliance. News | 16 Mar 2012
-
Compliance Q&A: EPIC rep discusses objections to Google privacy policy
In this Q&A, EPIC Consumer Protection Fellow David Jacobs discusses the organization’s objections to Google’s privacy policy and how to improve online consumer privacy. News | 20 Feb 2012
-
How regulation should -- and shouldn't -- influence cybersecurity policy
Recent breaches display the importance of cybersecurity policy, and regulations provide a decent data protection roadmap. But compliance does not automatically equal security. Tip
-
Pilot program best practices to help determine your GRC requirements
It’s important to be familiar with your organization's exact GRC requirements when choosing which tools to buy, build or outsource. Here’s how a pilot program can help guide you. Tip
-
New and not-so-new security twists in the Cybersecurity Act of 2012
The Cybersecurity Act of 2012 gives the government more control over the private sector’s information security. But are the new rules really needed? Our expert says no. Tip
-
Our dangerous overdependence on information technology audits
Although information technology audits can uncover GRC gaps, lower-level issues are often overlooked when relying on them for security assurance, says contributor Kevin Beaver. Tip
-
Sustainability: From strategic objective to compliance operation
With the increased interest in going green, sustainability and compliance are now directly related. But making sustainability integral to your compliance operation is not easy. Tip
-
False alarms: Analyzing your leading risk management indicators
To alleviate risk, it’s necessary to validate risk management indicators specific to your organization. Here’s how, and why avoiding it could negatively affect your GRC program. Tip
-
Using governance, risk and compliance to improve business performance
Governance, risk and compliance are vital to every successful business, but our expert says companies often don’t take advantage of GRC’s critical influence on performance. Tip
-
Best practices to help meet your organizational compliance objectives
Meeting compliance objectives is not just up to IT anymore -- a collaborative approach is necessary. Here’s advice to achieve top-down organizational compliance at your company. Tip
-
Q&A: Fit sustainability into an enterprise risk management strategy
IT strategy expert Adrian Bowles discusses risk management and sustainability trends, and why joining the two is vital to a solid and comprehensive enterprise risk management strategy. Tip
-
Best practices for risk management and sustainability convergence
As the term “sustainability” has become popular in business, some have questioned its relationship with GRC. But risk management and sustainability are not mutually exclusive. Tip
-
A written information security policy (WISP) example for compliance
Looking for a Written Information Security Policy (WISP) example for compliance with the Massachusetts data protection law? In this expert response, Ernie Hayden gives readers just that. Ask the Expert
-
Is a PCI DSS report on compliance confidential?
Learn about the confidentiality of a PCI report on compliance, and a compliance audit report in general in this expert response from Ernie Hayden. Ask the Expert
-
Who is in charge of the Massachusetts data protection law audit?
Learn more about the process of data protection audits for the Massachusetts data protection law. Ask the Expert
-
Personally identifiable information guidelines for U.S. passport numbers
Do U.S. passport numbers count as personally identifiable information? Learn more about guidelines for PII in this security management expert response from David Mortman. Ask the Expert
-
Encryption of mobile devices under Massachusetts data protection law
BlackBerrys and iPhones are everywhere, but under the new Massachusetts data protection law, is it necessary to encrypt their contents? Learn more in this response from security management expert David Mortman. Ask the Expert
-
FERPA regulation guidelines to email student personal data unencrypted
In order to protect student personal data, FERPA was enacted in 1974. But does protecting that data allow for FERPA educational records to be sent unencrypted via email? Find out in this expert response. Ask the Expert
-
PCI DSS questions: Should full credit card numbers be on a receipt?
Are merchants that fall under PCI DSS allowed to print full credit card numbers on a receipt? Learn more in this response from security management expert David Mortman. Ask the Expert
-
How to protect employee information in email paystubs
Many companies are moving to a system of paperless paystubs. Learn how to protect the information contained in these email paystubs with the use of secure email in this expert response. Ask the Expert
-
Is credit card tokenization a better option than encryption?
Platform security expert Michael Cobb reviews alternatives to encryption that will help protect sensitive data. Ask the Expert
-
Is Word document-comparison software SOX compliant?
The SOX audit process can be daunting, especially when it comes to finding SOX-compliant software. In this expert response, learn whether Word document-comparison software is SOX compliant. Ask the Expert
-
data governance policy
A data governance policy is an organization’s set of information management processes that are designed to assist business administration and protect company assets. Definition
-
social media policy
A social media policy (also called a social networking policy) is a corporate code of conduct that provides guidelines for employees who post content on the Internet either as part of their job or as a private person. Definition
-
corporate social responsibility (CSR)
Corporate social responsibility is an umbrella term used to describe voluntary corporate initiatives concerned with community development, the environment and human rights. Definition
-
information governance
Information governance is a holistic approach to managing corporate information by implementing processes, roles, standards and metrics that treat information as a valuable business asset and mitigate risk. Definition
-
Generally Accepted Recordkeeping Principles (GARP)
Generally Accepted Recordkeeping Principles (GARP) is a framework for managing records in a way that supports an organization's immediate and future regulatory, legal, risk mitigation, environmental and operational requirements. Definition
-
control framework
A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk. Definition
-
Federal Information Security Management Act (FISMA)
The Federal Information Security Management Act (FISMA) defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats... (Continued) Definition
-
IT controls
An IT control is a procedure or policy that provides a reasonable assurance that the information technology (IT) used by an organization operates as intended, that data is reliable and that the organization is in compliance with applicable laws and r... Definition
-
Solutions to help meet mobile device security, compliance objectives
In SearchCompliance.com’s latest Compliance Product Spotlight, find information on mobile device security tools and other solutions to help your organization meet compliance objectives. Product Spotlight
-
Wal-Mart 'rightsizes' Sarbanes-Oxley plan for corporate governance
Corporations are still tuning Sarbanes-Oxley. In this podcast, Lyle Smith, director of SOX compliance at Wal-Mart, discusses how to "rightsize" the compliance bellwether. Podcast
-
Jim Reavis on cloud computing security and regulatory compliance
Jim Reavis of the Cloud Security Alliance talks about how to secure the cloud, including some advice for compliance officers. Video
-
Anti-money laundering compliance trends
In this 11-minute podcast, Neil Katkov, senior vice president at Celent, talks about anti-money laundering compliance trends, including how much companies are spending on their AML programs and what they should look for when evaluating AML software. Podcasts
-
Schneier-Ranum face-off, part 3: Compliance and security
In this third part of Schneier and Ranum's Face-off at ISD 2009, the two security pros address questions surrounding how security and compliance interact, and how to get executives to care about security beyond simple compliance. Video
-
Schneier-Ranum face-off, part 1: The future of information security
At Information Security Decisions 2009, Bruce Schneier and Marcus Ranum took to the stage to discuss some of the most contested issues in information security. This first part covers questions on the future of the industry. Video
-
Part 3: Marcus Ranum on the state of information security
At Information Security Decisions 2009, Marcus Ranum discusses the realities of compliance and standards and why security has caught lawmakers' attention. Video
-
Business model risk is a key part of your risk management strategy
Management consultants Amit Sen and John Vaughan discuss business model risk, a way to apply risk management policies to new or changed business processes. Podcast transcript
-
Screencast: Leveraging IT infrastructure for compliance with Brian Babineau
Learn how to harness existing IT infrastructure for creating a sustainable long-term compliance operation in this screencast featuring Brian Babineau, senior analyst at Enterprise Strategy Group. Video
-
Podcast: New Massachusetts data protection law mandates IT compliance
In this podcast from SearchCompliance.com, a state CIO and general counsel explain how a strict new Massachusetts data protection law will affect IT compliance and businesses. Podcast
About Managing governance and compliance
Governance and compliance go hand in hand. Get the latest news, advice and commentary on effectively managing the compliance and governance initiatives within your organization.