tiero - Fotolia
IT Compliance Advisor
IT Compliance Advisor is the blog companion to SearchCompliance.com, which examines strategic issues that are important to IT professionals who manage governance, risk management and compliance infrastructure and operations.
Recent Posts
-
'Gen V' attacks: The next cybersecurity problem?
- Community Member 04 May 2018 -
SheHacks hackathon at BU promotes female tech advancement
- Community Member 16 Feb 2018 -
Being Cyber Essentials certified will help prep for GDPR
- Former News and Features Writer 09 Feb 2018
In a recent online presentation, Check Point Software Technologies founder and CEO Gil Shwed stated that "we are at an inflection point" when it comes to cybersecurity. Shwed's statement came on ...
For 36 hours during the last weekend in January, more than 1,000 attended one of the largest women's hackathons ever at SheHacks Boston. SheHacks Boston organizer Natalie Pienkowska said that the ...
With enforcement of the EU General Data Protection Regulation (GDPR) in the offing, organizations are busy preparing for a new era in privacy regulation. But UK companies that are Cyber Essentials ...
-
Alphabet unveils Chronicle cybersecurity business unit
- Former News and Features Writer 31 Jan 2018 -
Cybersecurity professionals struggle to make their job a priority
- Former News and Features Writer 15 Dec 2017 -
Cybersecurity insurance only a piece of data protection strategy
- Former News and Features Writer 30 Nov 2017 -
Government, business cybersecurity cooperation still faces roadblocks
- Former News and Features Writer 14 Nov 2017 -
Risk mapping key to security, business integration
- Former News and Features Writer 31 Mar 2017 -
The case for multi-vendor certifications
- Executive Editor 22 Dec 2016 -
GRC news roundup: Russian hacking allegations persist
- Editorial Assistant 19 Dec 2016
There is a new moonshot in cybersecurity, and Google's parent company is calling it Chronicle. Alphabet's cybersecurity business unit launched last week and plans on selling cybersecurity services ...
Despite recent high profile data security incidents, it seems business leaders still are not acknowledging their IT vulnerabilities: In a recent cybersecurity study, 20% of survey respondents cited ...
Cybersecurity incidents remain a growing risk for the enterprise in today's digital world. As a result, an organization's cybersecurity strategy usually isn't just about prevention anymore, but ...
Panelists speaking at a session titled Right Hand, Left Hand: Transparency, Communication and Conflict at the recent Cambridge Cyber Summit agreed that the government and private industry must ...
InfoSec should start talking to the business in the language of security risk,Tom Kartanowicz, head of information security at Natixis, North America, told the audience at the recent CDM Media CISO ...
For information technology professionals, obtaining certifications have become an important way to demonstrate their knowledge, experience and qualifications. Although certification programs are ...
After the U.S. was allegedly plagued by Russian cyberattacks during the election, members of both the Democratic and Republican parties are now calling for investigations. Also in recent GRC news: ...
-
Trump presidency raises questions for regulatory compliance
- Editorial Assistant 01 Dec 2016 -
Flexibility, speed needed for corporate data protection
- Former News and Features Writer 30 Nov 2016 -
Now is the time to ante up on IoT security
- Former News and Features Writer 22 Nov 2016 -
GRC roundup: Trump's transition team looks to dismantle Dodd-Frank
- Editorial Assistant 17 Nov 2016 -
FCC privacy restrictions could hinder AT&T's targeted ad plan
- Editorial Assistant 03 Nov 2016 -
Lack of records management maturity puts PHI, PII at risk
- Former News and Features Writer 31 Oct 2016 -
GRC roundup: UK intelligence agencies' data collection efforts deemed illegal
- Editorial Assistant 20 Oct 2016 -
Snapchat eyes the hardware market with new video-recording sunglasses
- Editorial Assistant 06 Oct 2016 -
ICIT: Stolen EHRs highly profitable on the deep Web
- Former News and Features Writer 21 Sep 2016 -
Wells Fargo fires 5,300 employees for illegal sales practices
- Editorial Assistant 20 Sep 2016 -
Company culture essential to strong ethics and compliance program
- Former News and Features Writer 16 Sep 2016 -
Apple tax troubles: EU says Apple owes Ireland $14.5B in unpaid taxes
- Editorial Assistant 08 Sep 2016 -
Security experts fear voting machine hacks during general election
- Editorial Assistant 24 Aug 2016 -
Bitcoin hack leaves investors apprehensive
- Editorial Assistant 15 Aug 2016 -
Privacy Shield gets regulators' stamp of approval
- Site Editor 28 Jul 2016 -
Gartner: Cybersecurity control a concern for digital businesses
- Former News and Features Writer 15 Jul 2016 -
New Jersey CTO targets compliance, security standards
- Site Editor 13 Jul 2016 -
Medical records theft from NFL team's trainer could violate HIPAA
- Site Editor 17 Jun 2016 -
As IoT and big data increase cyber risks, industry on the defensive
- Former News and Features Writer 31 May 2016 -
How security standards help companies prioritize data protection
- Site Editor 26 May 2016 -
Businesses must look beyond regulations for security and privacy guidance
- Site Editor 26 May 2016 -
Five reasons to invest in ISO 27001 and other security certifications
- Executive Editor 09 May 2016 -
PCI DSS 3.2 multifactor requirement among the version's biggest changes
- Site Editor 05 May 2016 -
At Google, company culture key is to assuring consumer privacy
- Site Editor 28 Apr 2016 -
FCC's consumer privacy proposal: Harmful to innovation?
- Site Editor 15 Apr 2016 -
Twine Health CEO: Frequent, real-time interaction boosts patient trust
- Site Editor 12 Apr 2016 -
SecureWorld Boston highlights value of partnerships
- Site Editor 31 Mar 2016 -
ACLU of Mass. director: Accountability required for data privacy law reform
- Site Editor 31 Mar 2016 -
Cybersecurity questions get the boardroom's attention
- Site Editor 24 Mar 2016 -
RSA 2016: Adobe, Google and Microsoft prepare for EU GDPR
- Site Editor 08 Mar 2016 -
Privacy Shield faces challenges as regulators, businesses adapt
- Site Editor 26 Feb 2016 -
Privacy Shield details lacking, but so far varies little from Safe Harbor
- Site Editor 24 Feb 2016 -
Apple, FBI face off in iPhone backdoor debate
- Site Editor 19 Feb 2016 -
Barclays, Credit Suisse to pay $154M for 'dark pool' trading violations
- Site Editor 05 Feb 2016 -
FTC report: Big data analytics could prove harmful to consumers
- Site Editor 21 Jan 2016 -
Repeat HIPAA violators face minimal ramifications
- Site Editor 07 Jan 2016 -
GDPR: How will the EU data protection law impact U.S. industry?
- Site Editor 22 Dec 2015 -
New York proposes banking rules to block terrorism funding
- Site Editor 09 Dec 2015 -
Privacy vs. public safety remains central to encryption debate
- Site Editor 25 Nov 2015 -
Beyond BYOD: How new tech is driving digital information governance
- Executive Editor 18 Nov 2015 -
Fed Chair says regulatory compliance problems persist at large banks
- Site Editor 12 Nov 2015 -
Goldman Sachs faces $50 million fine to settle document leak case
- Site Editor 29 Oct 2015 -
What's compliance worth to the business?
- Site Editor 15 Oct 2015 -
As regulatory wave swells, boards put new focus on compliance functions
- Site Editor 15 Oct 2015 -
Fitbit achieves HIPAA compliance, targets more corporate customers
- Site Editor 30 Sep 2015 -
Court rules that Dodd-Frank protects internal whistleblowers
- Site Editor 16 Sep 2015 -
Apple CEO Tim Cook's email may have violated SEC disclosure rules
- Site Editor 02 Sep 2015 -
Information governance key to compliance automation success
- Executive Editor 27 Aug 2015 -
SEC greenlights Dodd-Frank pay-ratio rule, backs internal whistleblowers
- Site Editor 19 Aug 2015 -
DOJ enlists compliance counsel to determine corruption charges
- Site Editor 05 Aug 2015 -
Finance firms spend millions on compliance, but lack long-term strategy
- Site Editor 31 Jul 2015 -
Dodd-Frank creators discuss the law's impact; SEC leads FIFA bribery probe
- Site Editor 22 Jul 2015 -
SEC commissioner calls for expanded Reg SCI; PCI SCC updates P2P standard
- Site Editor 09 Jul 2015 -
Hackers had access to U.S. government data for a year
- Site Editor 25 Jun 2015 -
Panel offers C-level temperature on security as IoT gains steam
- Executive Editor 12 Jun 2015 -
U.S. government breach could have accessed private citizens' data
- Site Editor 11 Jun 2015 -
Data as currency: Balancing risk vs. reward
- Executive Editor 05 Jun 2015 -
Wall Street, small banks still plagued by regulatory compliance enforcement
- Site Editor 28 May 2015 -
SEC calls for more executive pay transparency; proposed law could allow hacked firms to keep mum
- Site Editor 06 May 2015 -
Lawmakers race to pass cybersecurity bill; NSA wants front door into encrypted devices
- Site Editor 22 Apr 2015 -
New U.S. sanctions target foreign hackers; Facebook battles EU over privacy
- Site Editor 08 Apr 2015 -
FBI takes a step toward broader hacking authority; most companies fail PCI compliance tests
- Site Editor 26 Mar 2015 -
Will weak incentives for security investment force regulatory intervention?
- Site Editor 11 Mar 2015 -
AT&T's high-speed service comes with a privacy fee; Google bows to privacy spot checks
- Site Editor 26 Feb 2015 -
FCC chairman urges strong Internet regulation; Anthem breach might set a precedent
- Site Editor 11 Feb 2015 -
Website offers hackers for hire; Obama pushes new data privacy laws
- Site Editor 20 Jan 2015 -
More U.S. firms look to hack back after Sony data breach
- Site Editor 07 Jan 2015 -
Eight principles of information governance and risk management
- Executive Editor 15 Apr 2013 -
Considering a career in compliance? Heed these warnings first
- Principle Logic, LLC 18 Jan 2013 -
Five corporate compliance program traits you need to prevent breaches
- Principle Logic, LLC 08 May 2012 -
Seven common regulatory compliance requirement assumptions to avoid
- Principle Logic, LLC 17 Oct 2011 -
How do you align an IT risk assessment with COBIT controls?
19 Mar 2009
The future of regulatory compliance is under scrutiny as President-elect Donald Trump's administration continues the transition process. Also in recent GRC news: Hackers demanded ransom after ...
In today's threat-filled environment, money is not always a hacker's prime motivation. They could be driven by political reasons or just want to embarrass organizations. But irrespective of their ...
The massive DDoS attack on Oct. 21 was a harbinger of bad news, according to cybersecurity expert Bryce Austin. It is a prime example that the IoT makes cybercriminals increasingly capable of ...
Will President-elect Trump's transition team follow through on promises to get rid of Dodd-Frank compliance regulations? Also in recent GRC news, tech companies urge Trump to back encryption; and ...
New privacy rules passed by the FCC could influence AT&T's plans for its acquisition of Time Warner. Also in recent GRC news, the internet of things proves useful to hackers and privacy ...
Records management is more vital than ever to business success, but not enough organizations care about it, according to Rick Tucker. To prove it, Tucker, vice president of sales and marketing at ...
Government intrusion of data privacy continues to be a global issue, as a British court recently ruled that UK security agencies illegally collected citizens' data for 17 years. Also in recent GRC ...
Snap, Inc., the company behind the popular photo and video messaging app Snapchat, is releasing a pair of photo and video-capturing glasses that have some worried about the possible privacy ...
When Anndorie Cromar received a call from Child Protective Services that they were coming to take her children away, she was flabbergasted. She was unaware that her medical identity was stolen and ...
Wells Fargo has been fined $185 million and fired more than 5000 employees after the discovery of an illegal sales push that duped customers for years. Also in recent GRC news, U.S. businesses with ...
Last week, San Francisco-based Wells Fargo bank was fined $185 million because employees opened two million unauthorized bank and credit card accounts. About 5,300 employees associated with this ...
The E.U. has ordered Ireland to collect more than $14B in taxes from Apple that, according to the E.U., have gone unpaid for years. Also in recent GRC news, state voter registration system breaches ...
After a Democratic National Committee email leak, security experts are warning against a possible voting machine hack come November. Also in GRC news, the New York branch of one of Taiwan's largest ...
Investors are nervous about bitcoin's future value after Bitfinex, one of the world's "big four" bitcoin exchanges, was hacked and had nearly $65 million worth of bitcoins stolen. Also in recent ...
The Privacy Shield data transfer pact finally received the green light from U.S. and EU privacy regulators, and businesses can begin registering to comply with the framework Aug. 1. Also in recent ...
Digitization requires big changes to companies' strategic processes, and security is no different: In a recent report, Gartner predicts that 60% of digital businesses will experience major service ...
New Jersey's new chief technology officer has announced plans to boost data security by ramping up compliance monitoring in the state. In other GRC news, the Consumer Financial Protection Bureau ...
Late last month, the NFL Players Association informed its member teams that a Washington Redskins trainer's laptop containing players' medical records was stolen and that it would collaborate with ...
The time isn’t far away when everything in our lives, from furniture to coffee pots, will have the ability to be "smart." Various reports estimate that there will be anywhere between 30 to 200 ...
In part one of this blog post, John Pescatore, director at the nonprofit cybersecurity training provider SANS Institute, delved into the legal challenges companies face as they strive to secure ...
Last month, Sens. Richard Burr and Dianne Feinstein from the Senate Select Committee on Intelligence unveiled a draft of the Compliance with Court Orders Act of 2016 that would require all ...
Kyle Anixter, PMO manager of IT services at Curvature, discusses the business benefits of ISO 27001 certification that go beyond just data security.
Details surrounding the updated Payment Card Industry Data Security Standard show that version 3.2 includes new multifactor authentication and encryption requirements. Also in recent GRC news: SEC ...
The lack of comprehensive federal privacy legislation leaves not only consumers vulnerable, but also companies frustrated. Many consumers lack information about the many ways their personal data is ...
The FCC's newly proposed privacy protection rules requires broadband and wireless providers to obtain consumer consent before collecting and sharing their data, but some are concerned this approach ...
Despite the prevalence of consumer data collection and analysis today, there remains a glaring lack of clear policies and legislation around the protection of that data, according to privacy ...
Some 1,500 cybersecurity professionals gathered at this week's SecureWorld Boston conference that featured discussions with leading industry experts about today's best cybersecurity practices. The ...
Drawing the line between protecting consumers' right to data privacy and giving the government access to that data to keep the public safe isn't as simple as looking at legal cases that have dealt ...
"Security has transcended from an IT issue to a boardroom issue." This was how Microsoft corporate vice president and CISO Bret Arsenault opened his panel discussion at last month's RSA Conference ...
When General Data Protection Regulation -- a new EU-wide data protection framework that will replace Safe Harbor -- was introduced by European Union on December 2015, global companies such as Adobe ...
Currently, there are very few concrete details available to the public regarding Privacy Shield, the newly proposed EU-U.S. agreement that will replace the now-void Safe Harbor. In part one of this ...
Two weeks ago, European Commissioner Věra Jourová tweeted that the text for Privacy Shield, a new framework for transatlantic data flows, will be finalized by the end of February. The agreement ...
This week, Apple chief Tim Cook said in a letter to the company's customers that it won't give in to the FBI's demand to create an iPhone backdoor. Plus, the number of resolved FCPA enforcement ...
The U.S. Securities and Exchange commission announced last week that global banks Barclays and Credit Suisse would pay a record total of more than $154 million to settle allegations over "dark ...
Big data analytics have proven extremely beneficial to both companies and consumers across a wide range of industries, producing valuable insight in fields like healthcare, education and ...
Despite several HIPAA violations, recent data analysis found U.S. healthcare providers such as CVS and the VA face few punitive actions. Also in recent GRC headlines: Companies have two more years ...
Three years in the making, European Union officials finally agreed on a draft of the General Data Protection Regulation. The EU-wide legal framework sets standards for data collection, sharing and ...
The governor of New York has introduced new state banking rules designed to curb money laundering and block terrorism funding. Also in recent GRC news: Most healthcare organizations lack ...
In the wake of the horrific attacks in Paris earlier this month, government and intelligence officials pointed a finger at end-to-end encryption (E2EE) and how it enabled attackers to "go dark" -- ...
(This blog post was written by Diane K. Carlisle, executive director of content at ARMA International.) Day by day, effective information governance (IG) is made more urgent and more complicated by ...
In recent regulatory compliance news, the Federal Reserve Chairwoman testified before a House panel that very large U.S. banks still experience "substantial" GRC management failures; recent ...
This week, Goldman Sachs agreed to pay a $50 million fine to settle a case in which a former employee leaked confidential information from the New York Fed. Also in the news: Bristol-Myers Squibb ...
In part one of this blog post, we unpack the drivers behind the surge of demand on compliance investments and skilled staff, including new agencies that take a behavior-based approached to ...
Boards of directors are increasingly seeing the value of regulatory compliance, as the past year has seen a worldwide spike in compliance spending and the hiring of skilled compliance staff, ...
Wearable fitness tracker company Fitbit recently announced that its devices are now HIPAA-compliant, broadening the types of businesses it aims to work with. Also in recent GRC news: CFOs report ...
The Second U.S. Circuit Court last week decided that whistleblowers who report internally before going to the SEC are covered by Dodd-Frank's anti-retaliation rules. In other recent GRC headlines: ...
Lawyers say Apple CEO Tim Cook may have flouted the Securities and Exchange Commission's fair-disclosure regulation when he sent a CNBC correspondent an email containing company performance ...
(This blog post was written by Diane K. Carlisle, executive director of content at ARMA International.) So, your attempt to manage the governance, risk, and compliance (GRC) program with a series ...
The U.S. Securities and Exchange Commission (SEC) announced this month that it has approved a contentious pay-ratio rule first introduced by the Dodd-Frank Act five years ago. Also in recent ...
The U.S. Justice Department is in the process of taking on a compliance specialist to help determine whether to prosecute companies charged with foreign bribery. Also in recent GRC news: Mead ...
Numerous regulations were introduced worldwide to make financial services institutions more resilient following the monetary crisis of 2007 to 2008. Now, these regulations, which global management ...
Five years after the Dodd-Frank Act was enacted, the creators of the law contemplate the wide-ranging legislation's impact on the financial and banking industries. Also in recent GRC news: The SEC ...
SEC commissioner Luis Aguilar strongly urged his colleagues at a cybersecurity conference last month to push Reg SCI up on their priority lists, particularly in terms of widening the regulation's ...
The U.S. government data breach announced last week began a year ago, giving the perpetrators plenty of time to access federal employees' personal information, according to the NSA. Also in recent ...
(This blog post was written by Aislyn Fredsall, an editorial assistant for the TechTarget CIO media group through Northeastern University's co-op program.) Is security no longer a major concern for ...
U.S. officials say the recent hack of government computer systems affects 4 million current and former federal employees, but the breach could have impacted private citizens, too. Also in the news: ...
(This blog post was written by Jeff Whited, senior manager of education development at ARMA International.) By leveraging big data as an asset, organizations are tapping new business efficiencies ...
If recent headlines are any indication, Wall Street banks and other financial institutions continue to garner poor marks when it comes to regulatory compliance: Earlier this month, several major ...
The Securities and Exchange Commission (SEC) is pushing to provide U.S. shareholders with better metrics to compare executive pay against company performance. In other GRC headlines from recent ...
Much to the chagrin of privacy advocates, U.S. legislators have been pushing to pass a bill to improve cyberthreat intelligence sharing before discussing National Security Agency (NSA) surveillance ...
Following the recent streak of high-profile cyberattacks on U.S. companies, the Obama administration last week unveiled a program that would impose sanctions on individuals or groups overseas that ...
The FBI's quest to expand its hacking authority moved forward last week: A judicial advisory panel approved a rule change regarding how flexible judges can be in granting search warrants outside ...
Data breaches have been intensifying in recent years, but security expert Benjamin Dean argues that many companies still lack motivation to invest in more robust information security. Also in ...
AT&T's has begun rollout of a fiber-optic Internet service that furnishes customers with high-speed access, but they must pay an extra monthly charge if they want to keep their browsing habits ...
In a bold effort to ensure net neutrality, FCC Chairman Tom Wheeler has proposed a new set of rules that would treat the Internet as a public utility and prohibit pay-to-play fast lanes. Also in ...
Hackers may have found a way to commercialize their services as individuals begin to seek "hackers for hire" to carry out low-profile cyberintrusions. In other recent governance, risk and ...
Business cybersecurity -- or the lack thereof -- continued to make headlines in the past few weeks as more U.S. private-sector firms consider counteroffensive tactics against attackers. Also in ...
(This blog post was written by Marilyn Bier, chief executive officer of ARMA International.) Organizations depend on information to manage day-to-day operations, comply with regulations, gauge ...
So you want to pursue a career in compliance? I can't really blame you. With a median salary of more than $60,000, it can certainly pay off -- and the sky's the limit moving forward. Of course, ...
If you look at news headlines, you’d think the sky were falling with all of the hack attacks and subsequent data breaches taking place. Just glancing at the Chronology of Data Breaches says it all. ...
Compliance means different things to different people. Indeed, regulatory compliance requirements are -- and should be -- handled differently based on the unique needs of the business. The ugly ...
[One of our readers, compliance officer Ramon de Bruijn, wrote to the editors of SearchCompliance.com at [email protected] last month looking for some advice. Specifically, he asked "What ...