Features

Features

• 10 CCPA enforcement cases from the law's first year

  It's been more than a year since CCPA enforcement began, and organizations started hearing from the California attorney general. Explore 10 early cases of alleged noncompliance.  Continue Reading

• CCPA compliance still unclear long past deadline

  Despite the July 1 CCPA compliance deadline having long past, many executives are still unclear how the law applies to their business. Privacy experts weigh in on the latest enforcements.  Continue Reading

• CMMC requirements set to ripple throughout DOD supply chain

  The Department of Defense's CMMC requirements target defense contractors, but organizations throughout the DOD supply chain -- and beyond -- are prepping for the standards.  Continue Reading

• 5 PCI DSS best practices to improve compliance

  Increased rates of PCI noncompliance are worth examining, as are PCI DSS best practices and tips for small and medium-sized companies. Read more in-depth compliance coverage here.  Continue Reading

• Fighting PCI non-compliance could require new frameworks, zero trust

  Falling PCI DSS compliance rates could force the PCI Security Standards Council to be more open to other regulatory frameworks and make enterprises aim higher in terms of data security. Could zero trust be part of the solution?  Continue Reading

• Why better data visibility is necessary for your business

  Lack of visibility into growing volumes of data leaves organizations at a privacy compliance and business disadvantage, but new data governance rules can help.  Continue Reading

• In comparing GDPR and CCPA, lessons in compliance emerge

  In anticipation of the CCPA Jan. 1, 2020, implementation date, business leaders should understand the parallels between GDPR and CCPA to learn from the EU's GDPR rollout period.  Continue Reading

• GDPR compliance benefits emerge a year and a half later

  While some may see GDPR as a set of restrictions, it can improve business practices. Learn more about the GDPR compliance benefits.  Continue Reading

• IAM-driven biometrics in security requires adjustments

  IAM is foundational to cybersecurity, but the latest systems use biometrics and other personal data. Learn how to cope with the resulting compliance and privacy issues.  Continue Reading

• SEC's iXBRL requirements met with optimism -- and trepidation

  Compliance with the SEC's new Inline XBRL requirements will change financial reporting processes. The benefits are there, but not everyone is optimistic about the change.  Continue Reading

• Compliance rules usher in new era for personal data privacy policy

  With the rollout of data privacy regulations, individual data rights and the right to be forgotten are forcing organizations to re-examine how they handle customer information.  Continue Reading

• EU GDPR terms to know

  Compliance regulations can be complicated to follow, particularly in the new age of data privacy. Here's a breakdown of the must-know terms for companies who are subject to GDPR.  Continue Reading

• State data privacy laws, regulations changing CISO priorities

  Attorney and IT security expert Scott Giordano discusses how the growing number of state data privacy laws are changing CISOs' information management role.  Continue Reading

• AI security tech is making waves in incident response

  Experts weigh in on the latest smart cybersecurity tools -- how they work, the implications for your IT security team and whether the investment is worth the expense.  Continue Reading

• CCPA compliance begins with data inventory assessment

  In this SearchCIO Q&A, multiple experts sound off on major questions businesses have about CCPA compliance ahead of its January 2020 enforcement date.  Continue Reading

• Security, compliance standards help mitigate BIOS security vulnerabilities

  Cybersecurity vulnerabilities associated with PCs often overlook BIOS. Read for strategies to offset these threats and for preventing unauthorized BIOS modifications.  Continue Reading

• Identify gaps in cybersecurity processes to reduce organizational risk

  Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses.  Continue Reading

• Lacking data management processes holds back digital business

  The business fallout of poor data management processes goes well beyond security and privacy implications. Evident IT CEO David Thomas explains in this SearchCompliance Q&A.  Continue Reading

• Key elements of an effective incident response playbook

  In this book excerpt, cybersecurity expert and author Bryce Austin highlights the importance of creating an effective incident response plan and delineates its key elements.  Continue Reading

• FAQ: How is digitization influencing SEC compliance priorities?

  As online trading and digital finance becomes the norm, updated SEC compliance regulations target these transactions in an effort to improve digital asset security.  Continue Reading

• Cybersecurity professionals: Lack of training leaves skills behind

  Cybersecurity professionals' increased workloads leave little time for training, leaving their skill sets -- and their companies' data security -- vulnerable to outside threats.  Continue Reading

• FAQ: How is the Privacy Shield Framework being enforced?

  The FTC has issued its first enforcement actions for companies found in violation of the EU-U.S. Privacy Shield Framework, but are the rules doing enough to protect consumer data?  Continue Reading

• Book excerpt: Digital surveillance in the post-Snowden era

  In this book excerpt, author Timothy Edgar explains how Edward Snowden's NSA leaks ushered in a new era for U.S. digital surveillance techniques and privacy protection.  Continue Reading

• Drone regulations evolve as enterprise adoption heats up

  With enterprises embracing drone use to gain competitive advantage, the FAA is easing up on compliance rules targeting drones' use in commercial operations. In this Q&A, attorney Mark McKinnon discusses the evolution of drone regulations.  Continue Reading

• FAQ: How does EU GDPR compliance change data protection processes?

  In this FAQ, learn how compliance with the EU's General Data Protection Regulation requires companies to rethink their data protection policies and processes.  Continue Reading

• Metrics vital to insider threat prevention and mitigation

  Insider threat prevention has become inherent to cybersecurity strategy, but companies must use the right metrics to determine whether their efforts are working.  Continue Reading

• FAQ: How would the Financial CHOICE Act change current compliance regs?

  In this FAQ, we examine how the Financial CHOICE Act of 2017 would change U.S. regulatory compliance mandates targeting the finance industry's business practices.  Continue Reading

• Cybersecurity governance falls short amid rising security budgets

  Companies still struggle to adapt risk management strategies to face modern threats, but maturing their cybersecurity governance processes is a step in the right direction.  Continue Reading

• FAQ: How has the tech industry opposed the travel ban executive order?

  In this SearchCompliance FAQ, learn how members of the technology industry are working together to voice opposition to President Trump's travel ban executive order.  Continue Reading

• Ransomware detection: Can employees help?

  As ransomware attacks continue to escalate, should organizations make employees an integral part of their ransomware detection and prevention strategy?  Continue Reading

• Enterprise CISOs face cybersecurity skills shortage

  Recent studies show that as cyber threats evolve, CISOs will face a cybersecurity talent shortage and an increasingly integral role in company processes.  Continue Reading

• Enterprise cybersecurity strategies: Devising resolutions for 2017

  Companies can expect data threats to proliferate in 2017. To help, security experts outline resolutions organizations should make to bolster their cybersecurity strategies.  Continue Reading

• Enterprise information security and privacy reliant on culture

  Human error remains a threat to data, but privacy advocate Grace Buckler says setting the tone with company culture can offset enterprise information security and privacy risks.  Continue Reading

• Data anonymization techniques less reliable in era of big data

  Data anonymization techniques are designed to preserve privacy of shared data, but do they work with high-dimensional data? Here's what experts have to say.  Continue Reading

• Information security regulations may target IoT, drones

  Calls are growing louder for information security regulations to target consumer-centric technology such as the IoT and drones, but legislating their use could prove difficult.  Continue Reading

• The business case for IG investments in a post-regulatory world

  Continued calls for deregulation may sound like death knell for information governance, but IG investments may prove to be more vital than ever to businesses in 2017 and beyond.  Continue Reading

• Mitigating insider threats remains a major cyber concern

  Expert panelists at the Cambridge Cyber Summit briefed the audience on some of the steps that organizations should implement for mitigating insider threats.  Continue Reading

• FAQ: What are the EU-U.S. Privacy Shield compliance requirements?

  In this SearchCompliance FAQ, learn details about how the EU-U.S. Privacy Shield data protection requirements strive to raise consumer privacy standards.  Continue Reading

• Q&A: With ransomware threat on the rise, is IoT the next victim?

  Etay Maor, executive security advisor at IBM, discusses the growing ransomware threat and why IoT could be the next ransomware target.  Continue Reading

• Evolving tech forces fresh look at IT security processes

  In this Q&A, vArmour CISO Demetrios Lazarikos discusses how rapidly advancing technology is influencing how companies plan and train employees on new IT security processes.  Continue Reading

• Big data security, privacy becomes a concern for marketing analytics

  The proliferation of IoT devices has resulted in an upsurge in data-driven marketing, which in turn can fuel data security, privacy and ethics concerns, experts say.  Continue Reading

• Q&A: How the deep web is used to exploit protected health information

  ICIT Fellow Robert Lord discusses the exploitation of protected health information on the deep web and gives cybersecurity tips on how to best protect these valuable records.  Continue Reading

• Can aligning compliance and information governance create new revenue?

  Jeffrey Ritter discusses the benefits of compliance and information governance process alignment, including the potential for discovering new sources of business revenue.  Continue Reading

• How will the new EU-U.S. data transfer policy change governance?

  The new transatlantic data transfer policy framework may require companies to rethink governance processes to follow its security and privacy protocols.  Continue Reading

• GRC process investment helps boost risk management strategies

  It is important for companies to invest in a GRC process to help boost strategies devised to combat technology-related risks.  Continue Reading

• Q&A: Factors to consider before joining the Privacy Shield framework

  U.S.-based companies can now self-certify under the Privacy Shield framework, but there are numerous operational factors they should consider first.  Continue Reading

• Digital risk management strategies for the data-centric business

  To offset threats from constantly expanding information volumes, business leaders must rethink how they integrate digital risk management tactics throughout their companies.  Continue Reading

• FAQ: What are the International Cybersecurity Principles?

  A consortium of financial services associations is calling for international cybersecurity standards to help avoid conflicting compliance mandates across global markets.  Continue Reading

• Industry gurus tackle blockchain privacy and digital identity

  The decentralized nature of public blockchain has raised concerns about digital identity and blockchain privacy. A panel of experts addresses these questions.  Continue Reading

• Experts wade through hype to shed light on blockchain security

  Along with the hype, there have been plenty of questions around blockchain technology, particularly regarding blockchain security. A panel of experts takes on these concerns.  Continue Reading

• Proposed payday loan regulation seeks additional consumer protections

  A proposed rule is designed to protect consumers from unfair payday lending practices, but legal challenges to the regulation are on the horizon.  Continue Reading

• Verizon: Human error still among the top data security threats

  Verizon's 2016 Data Breach Investigations Report found human vulnerabilities and errors continue to be among companies' top data security threats.  Continue Reading

• FAQ: Will draft bill mandate access to encrypted information?

  Is the Compliance with Court Orders Act draft bill the first step to mandating that tech companies allow access to their products' encrypted communications?  Continue Reading

• Businesses look beyond the finance benefits of blockchain innovation

  Companies from a variety of industries have started exploring how blockchain governance strategies can reduce costs, speed interactions and expand business capabilities.  Continue Reading

• Blockchain compliance raises questions of regulatory scope, intent

  Calls for blockchain compliance regulation are getting louder as digital currencies grow in popularity, but will these rules hinder innovation?  Continue Reading

• 2016 GRC conference calendar for IT leaders

  Attending a GRC conference can keep you up to speed on compliance regulations, risk management strategies and governance trends. Check out our list of upcoming GRC conferences.  Continue Reading

• Big data intelligence increasingly a business, governance priority

  In this Q&A, Jeffrey Ritter discusses how the quest for big data intelligence is forcing governance professionals to move beyond GRC gatekeeping.  Continue Reading

• Bitcoin and blockchain technology use raise cybersecurity questions

  As Bitcoin and blockchain technology increasingly move into the mainstream, cybersecurity regulations could be on the horizon for virtual currencies.  Continue Reading

• Can U.S. states fill the gaps in consumer privacy regulation?

  Because of the slow pace of federal policymaking, companies must rely on state legislators for guidance to protect consumer data. But privacy regulation at the state level has its challenges.  Continue Reading

• Lack of digital governance rules leaves consumer privacy at risk

  Consumer data usage in the U.S. is currently governed by a patchwork of privacy legislation that can't keep up with the digital marketplace and leaves consumers at risk. A consumer bill of rights could be the first step to address this problem.  Continue Reading

• Cybersecurity insurance policies gain popularity as threats persist

  Companies are increasingly turning to liability coverage to protect data assets, but questions remain for the nascent cybersecurity insurance industry.  Continue Reading

• To avoid big data privacy issues, user empowerment is a must

  The use of big data analytics continues to grow -- and so does the list of consumer privacy risks associated with it. At a recent forum, privacy experts called for equipping users with greater understanding and control over their data.  Continue Reading

• Compliance culture: FINRA shifts regulatory focus

  Finance industry regulators have shifted gears in 2016, moving away from checkbox-style regulations and focusing on companies' compliance culture.  Continue Reading

• Managing cybersecurity and supply chain risks: The board's role

  Cybersecurity and supply chain risks are drawing more attention from senior management and board members, but many companies fall short with accountability.  Continue Reading

• Book excerpt: Achieving digital trust in the information age

  In this book excerpt, Jeffrey Ritter explains the essential attributes of digital trust and why it's so important to business success in the information age.  Continue Reading

• To protect corporate cybersecurity, don't ignore the data

  Business leaders aren't taking advantage of analytics data that could help maintain corporate cybersecurity, said GreyCastle Security CEO Reg Harnish.  Continue Reading

• FTC: Analyzing big data creates discrimination risk

  Big data analytics provides several business benefits but could also discriminate against certain individuals and violate consumer data protection rules.  Continue Reading

• Negligence, accidents put insider threat protection at risk

  Malicious employees are usually the focus of insider threat protection efforts, but accidents and negligence are often overlooked data security threats.  Continue Reading

• As threats to data spread, security info sharing debate heats up

  New laws encourage cybersecurity information sharing between the public and private sector, but will the data protection measures infringe on privacy?  Continue Reading

• 'Going dark': Weighing the public safety costs of end-to-end encryption

  'Going dark' -- or the FBI's inability to access data because of encryption -- could put public safety at risk, intelligence officials say. But tech companies argue that strong encryption is needed to protect corporate and customer data.  Continue Reading

• Threats to cloud data security remain a business concern

  As threats to cloud data security continue to evolve, businesses must stay on their toes and incorporate front- and back-end processes to make sure their information is protected.  Continue Reading

• InfoSec professionals tapped to advance the 'culture of security'

  ISSA International Conference organizers explain why InfoSec professionals have had to redefine their role as cyberdefense has become a business priority.  Continue Reading

• Governance needs shift as digital evidence in court becomes common

  Digital, computer-generated records have been used as evidence in recent court cases, and the trend could cause major changes for corporate data governance.  Continue Reading

• Firms face 'regulatory fatigue,' higher cost of compliance

  Firms worldwide are experiencing 'regulatory fatigue' due to rapidly increasing compliance mandates. In Thomson Reuters' latest Cost of Compliance survey, see how GRC teams can manage these regulatory changes.  Continue Reading

• Mobile data security creates big governance challenges

  As devices are used for increasingly complex processes, data becomes more vulnerable to loss. To keep pace, IT and security executives are developing comprehensive mobile data security plans and implementing stronger technology solutions.  Continue Reading

• SEC's Regulation SCI: A visual timeline

  The SEC adopted Regulation SCI to bolster the technological infrastructure of the U.S. securities market. Take a look at the milestones in the history of Reg SCI, including when it was first proposed, the tech failures that inspired it and more.  Continue Reading

• Data governance due diligence key to GRC automation success

  Information governance expert Jeffrey Ritter discusses how companies can successfully align GRC automation with existing data governance processes.  Continue Reading

• New tactics for improving critical infrastructure cybersecurity pushed by MIT consortium

  The MIT Sloan School of Management has launched a consortium that touts interdisciplinary research and cooperation as keys to improving cybersecurity.  Continue Reading

• Fresh look at governance required to maximize information as an asset

  IGI founder Barclay T. Blair discusses lacking efforts to make information a business asset, and the initial steps required to maximize data value.  Continue Reading

• SEC oversight reaches new levels under Regulation SCI

  Regulation SCI marks a new era for SEC oversight of companies' IT compliance processes, and information governance expert Jeffrey Ritter discusses how in this Q&A.  Continue Reading

• What changes are businesses experiencing under PCI DSS version 3.0?

  New compliance requirements under PCI DSS version 3.0 strive to make cardholder data security part of companies' everyday business processes.  Continue Reading

• New risk management needs challenge information governance processes

  Risk management requirements have complicated information governance, but with the right strategy the two disciplines could be mutually beneficial.  Continue Reading

• Why your mobile device management policy must include wearables

  Wearable technology has started to creep into the business world, but companies must overcome the data governance complications to reap any benefits.  Continue Reading

• Can automated segregation of duties benefit regulatory compliance?

  In this feature, Michael Rasmussen explains why automated SoD reduces compliance costs as well as the potential for fraud and lawsuits.  Continue Reading

• GRC professionals' salaries increase as demand for their skills rises

  As businesses expand their IT security and compliance focus, GRC professionals are seeing salary increases with their broadened responsibilities.  Continue Reading

• The final differentiators to consider when choosing a GRC solution

  After determining its needs, your business has decided to acquire a GRC solution. Here are the final factors to consider before you make a decision.  Continue Reading

• GRC conferences to help you remain on top of your compliance game

  In the need for some IT training? Check out our list of GRC conferences designed to help your enterprise stay current with the latest compliance regulations and GRC strategy trends.  Continue Reading

• Compliance and GRC management tools

  Constant updates to compliance regulations can cause headaches for IT departments. Learn more about the latest compliance products to help you with compliance and GRC management.  Continue Reading

• IT compliance: FAQs about IT operations, regulations and standards

  This index links to resources about the relationship between IT operations and compliance regulations and standards, including HIPAA, e-discovery, SOX and PCI.  Continue Reading

• FAQ: What is the Federal Information Security Management Act?

  The Federal Information Security Management Act aims to improve information security by requiring federal agencies to comply with standards. Learn more with this FISMA FAQ.  Continue Reading

• FAQ: GARP and how it helps you achieve better information governance

  Many organizations do not have an information governance structure that works with defined record-keeping principles that ensures accountability. GARP may be your answer.  Continue Reading

• FAQ: An introduction to the ISO 31000 risk management standard

  Learn more about ISO 31000:2009, a new risk management standard: It's plainly written, short, process-oriented and relevant reading for anyone dealing with risk.  Continue Reading

• FAQ: What impact do mobile computing devices have on IT compliance?

  More mobile devices means more security threats. Here are things to consider in adjusting your IT compliance strategy to meet challenges brought by iPhones and the like.  Continue Reading

• What is NERC CIP, and IT's role in critical infrastructure protection?

  Under the NERC CIP, power generators and suppliers must prove NERC compliance on critical infrastructure protection provisions by the end of the second quarter. Will you be ready?  Continue Reading

• Governance, risk and compliance FAQ: What does GRC mean to IT strategy

  Learn how GRC coordinates governance, risk and compliance with IT strategy to create a more responsive and transparent organization.  Continue Reading

• FAQs about compliance audits in IT

  New and more complicated regulations have made compliance audits a fact of life for modern organizations. Learn about IT's role in the audit process in this FAQ.  Continue Reading

• HITECH FAQ: What is the impact of the HITECH Act on IT operations?

  This resource provides answers and resources to frequently asked questions regarding the Health Information Technology for Economic and Clinical Health (HITECH) Act.  Continue Reading

• PCI DSS FAQ: The Payment Card Industry Data Security Standard and IT

  This resource provides answers and resources to frequently asked questions regarding the Payment Card Industry Data Security Standard (PCI DSS).  Continue Reading

• Chapter excerpt: Decision-making processes and IT governance

  Find out how sound decision-making processes form the foundation of IT governance policies by allocating decision rights and accountability.  Continue Reading

• FAQ: What is the impact of HIPAA on IT operations?

  This FAQ provides guidance on how the Health Insurance Portability and Accountability Act affects IT operations, including what is required and what penalties are applied.  Continue Reading