Features

Features

Assessing your regulatory compliance needs

• Roadmap to improve compliance: PCI DSS best practices

  Increased rates of PCI noncompliance are worth examining, as are PCI DSS best practices and tips for small and medium-sized companies. Read more in-depth compliance coverage here.  Continue Reading

• Fighting PCI non-compliance could require new frameworks, zero trust

  Falling PCI DSS compliance rates could force the PCI Security Standards Council to be more open to other regulatory frameworks and make enterprises aim higher in terms of data security. Could zero trust be part of the solution?  Continue Reading

• In comparing GDPR and CCPA, lessons in compliance emerge

  In anticipation of the CCPA Jan. 1, 2020, implementation date, business leaders should understand the parallels between GDPR and CCPA to learn from the EU's GDPR rollout period.  Continue Reading

• GDPR compliance benefits emerge a year and a half later

  While some may see GDPR as a set of restrictions, it can improve business practices. Learn more about the GDPR compliance benefits.  Continue Reading

• IAM-driven biometrics in security requires adjustments

  IAM is foundational to cybersecurity, but the latest systems use biometrics and other personal data. Learn how to cope with the resulting compliance and privacy issues.  Continue Reading

• Compliance rules usher in new era for personal data privacy policy

  With the rollout of data privacy regulations, individual data rights and the right to be forgotten are forcing organizations to re-examine how they handle customer information.  Continue Reading

• AI security tech is making waves in incident response

  Experts weigh in on the latest smart cybersecurity tools -- how they work, the implications for your IT security team and whether the investment is worth the expense.  Continue Reading

• CCPA compliance begins with data inventory assessment

  In this SearchCIO Q&A, multiple experts sound off on major questions businesses have about CCPA compliance ahead of its January 2020 enforcement date.  Continue Reading

• Security, compliance standards help mitigate BIOS security vulnerabilities

  Cybersecurity vulnerabilities associated with PCs often overlook BIOS. Read for strategies to offset these threats and for preventing unauthorized BIOS modifications.  Continue Reading

• Lacking data management processes holds back digital business

  The business fallout of poor data management processes goes well beyond security and privacy implications. Evident IT CEO David Thomas explains in this SearchCompliance Q&A.  Continue Reading

• FAQ: How is digitization influencing SEC compliance priorities?

  As online trading and digital finance becomes the norm, updated SEC compliance regulations target these transactions in an effort to improve digital asset security.  Continue Reading

• FAQ: How is the Privacy Shield Framework being enforced?

  The FTC has issued its first enforcement actions for companies found in violation of the EU-U.S. Privacy Shield Framework, but are the rules doing enough to protect consumer data?  Continue Reading

• Book excerpt: Digital surveillance in the post-Snowden era

  In this book excerpt, author Timothy Edgar explains how Edward Snowden's NSA leaks ushered in a new era for U.S. digital surveillance techniques and privacy protection.  Continue Reading

• Drone regulations evolve as enterprise adoption heats up

  With enterprises embracing drone use to gain competitive advantage, the FAA is easing up on compliance rules targeting drones' use in commercial operations. In this Q&A, attorney Mark McKinnon discusses the evolution of drone regulations.  Continue Reading

• FAQ: How does EU GDPR compliance change data protection processes?

  In this FAQ, learn how compliance with the EU's General Data Protection Regulation requires companies to rethink their data protection policies and processes.  Continue Reading

• Metrics vital to insider threat prevention and mitigation

  Insider threat prevention has become inherent to cybersecurity strategy, but companies must use the right metrics to determine whether their efforts are working.  Continue Reading

• FAQ: How would the Financial CHOICE Act change current compliance regs?

  In this FAQ, we examine how the Financial CHOICE Act of 2017 would change U.S. regulatory compliance mandates targeting the finance industry's business practices.  Continue Reading

• Information security regulations may target IoT, drones

  Calls are growing louder for information security regulations to target consumer-centric technology such as the IoT and drones, but legislating their use could prove difficult.  Continue Reading

• FAQ: What are the EU-U.S. Privacy Shield compliance requirements?

  In this SearchCompliance FAQ, learn details about how the EU-U.S. Privacy Shield data protection requirements strive to raise consumer privacy standards.  Continue Reading

• Q&A: How the deep web is used to exploit protected health information

  ICIT Fellow Robert Lord discusses the exploitation of protected health information on the deep web and gives cybersecurity tips on how to best protect these valuable records.  Continue Reading

• Digital risk management strategies for the data-centric business

  To offset threats from constantly expanding information volumes, business leaders must rethink how they integrate digital risk management tactics throughout their companies.  Continue Reading

• FAQ: What are the International Cybersecurity Principles?

  A consortium of financial services associations is calling for international cybersecurity standards to help avoid conflicting compliance mandates across global markets.  Continue Reading

• Industry gurus tackle blockchain privacy and digital identity

  The decentralized nature of public blockchain has raised concerns about digital identity and blockchain privacy. A panel of experts addresses these questions.  Continue Reading

• Proposed payday loan regulation seeks additional consumer protections

  A proposed rule is designed to protect consumers from unfair payday lending practices, but legal challenges to the regulation are on the horizon.  Continue Reading

• Verizon: Human error still among the top data security threats

  Verizon's 2016 Data Breach Investigations Report found human vulnerabilities and errors continue to be among companies' top data security threats.  Continue Reading

• FAQ: Will draft bill mandate access to encrypted information?

  Is the Compliance with Court Orders Act draft bill the first step to mandating that tech companies allow access to their products' encrypted communications?  Continue Reading

• Blockchain compliance raises questions of regulatory scope, intent

  Calls for blockchain compliance regulation are getting louder as digital currencies grow in popularity, but will these rules hinder innovation?  Continue Reading

• Cybersecurity insurance policies gain popularity as threats persist

  Companies are increasingly turning to liability coverage to protect data assets, but questions remain for the nascent cybersecurity insurance industry.  Continue Reading

• To avoid big data privacy issues, user empowerment is a must

  The use of big data analytics continues to grow -- and so does the list of consumer privacy risks associated with it. At a recent forum, privacy experts called for equipping users with greater understanding and control over their data.  Continue Reading

• Compliance culture: FINRA shifts regulatory focus

  Finance industry regulators have shifted gears in 2016, moving away from checkbox-style regulations and focusing on companies' compliance culture.  Continue Reading

• Managing cybersecurity and supply chain risks: The board's role

  Cybersecurity and supply chain risks are drawing more attention from senior management and board members, but many companies fall short with accountability.  Continue Reading

• Book excerpt: Achieving digital trust in the information age

  In this book excerpt, Jeffrey Ritter explains the essential attributes of digital trust and why it's so important to business success in the information age.  Continue Reading

• FTC: Analyzing big data creates discrimination risk

  Big data analytics provides several business benefits but could also discriminate against certain individuals and violate consumer data protection rules.  Continue Reading

• As threats to data spread, security info sharing debate heats up

  New laws encourage cybersecurity information sharing between the public and private sector, but will the data protection measures infringe on privacy?  Continue Reading

• InfoSec professionals tapped to advance the 'culture of security'

  ISSA International Conference organizers explain why InfoSec professionals have had to redefine their role as cyberdefense has become a business priority.  Continue Reading

• Governance needs shift as digital evidence in court becomes common

  Digital, computer-generated records have been used as evidence in recent court cases, and the trend could cause major changes for corporate data governance.  Continue Reading

• SEC's Regulation SCI: A visual timeline

  The SEC adopted Regulation SCI to bolster the technological infrastructure of the U.S. securities market. Take a look at the milestones in the history of Reg SCI, including when it was first proposed, the tech failures that inspired it and more.  Continue Reading

• New tactics for improving critical infrastructure cybersecurity pushed by MIT consortium

  The MIT Sloan School of Management has launched a consortium that touts interdisciplinary research and cooperation as keys to improving cybersecurity.  Continue Reading

• SEC oversight reaches new levels under Regulation SCI

  Regulation SCI marks a new era for SEC oversight of companies' IT compliance processes, and information governance expert Jeffrey Ritter discusses how in this Q&A.  Continue Reading

• What changes are businesses experiencing under PCI DSS version 3.0?

  New compliance requirements under PCI DSS version 3.0 strive to make cardholder data security part of companies' everyday business processes.  Continue Reading

• Study reveals legal obstacles created by data protection laws

  A new study has that found data protection laws and state secrecy rules have created legal obstacles for businesses conducting operations in Asia.  Continue Reading

• Privacy laws create obstacles for e-discovery in the cloud

  Information governance expert Jeffrey Ritter discusses how privacy laws create barriers to cloud-based e-discovery, and strategies to manage these complications.  Continue Reading

• Can automated segregation of duties benefit regulatory compliance?

  In this feature, Michael Rasmussen explains why automated SoD reduces compliance costs as well as the potential for fraud and lawsuits.  Continue Reading

• Next generation of threats requires new approach to PCI security

  In this Q&A, learn how increasingly sophisticated cyberthreats should influence organizations' information protection and PCI security strategy.  Continue Reading

• Investment Company Act rule reduces liability for misled CCOs

  The SEC has issued its first sanctions under the Investment Company Act's Rule 38a-1(c), which is designed to protect misled CCOs from liability.  Continue Reading

• FAQ: What changes are afoot under PCI DSS 3.0 requirements?

  In this FAQ, learn how new standards under PCI DSS 3.0 are changing the approach of businesses to payment card security and regulatory compliance.  Continue Reading

• FAQ: Why admission of guilt is now built into SEC settlements

  To promote accountability, some SEC settlements now require admission of guilt. In this FAQ, learn what prompted the change and why some oppose it.  Continue Reading

• Data discovery tools, processes valuable to information management

  New and emerging data discovery tools and processes are proving that they can provide benefits to business areas besides the legal department.  Continue Reading

• IT compliance: FAQs about IT operations, regulations and standards

  This index links to resources about the relationship between IT operations and compliance regulations and standards, including HIPAA, e-discovery, SOX and PCI.  Continue Reading

• FAQ: What is the Federal Information Security Management Act?

  The Federal Information Security Management Act aims to improve information security by requiring federal agencies to comply with standards. Learn more with this FISMA FAQ.  Continue Reading

• FAQ: GARP and how it helps you achieve better information governance

  Many organizations do not have an information governance structure that works with defined record-keeping principles that ensures accountability. GARP may be your answer.  Continue Reading

• FAQ: What impact do mobile computing devices have on IT compliance?

  More mobile devices means more security threats. Here are things to consider in adjusting your IT compliance strategy to meet challenges brought by iPhones and the like.  Continue Reading

• What is NERC CIP, and IT's role in critical infrastructure protection?

  Under the NERC CIP, power generators and suppliers must prove NERC compliance on critical infrastructure protection provisions by the end of the second quarter. Will you be ready?  Continue Reading

• FAQ: How will mandatory encryption standards affect IT operations?

  Learn how emerging mandatory encryption standards will affect IT operations.  Continue Reading

• Enterprise document management FAQ: IT operations and compliance

  Find answers and resources to frequently asked questions about the relationship of enterprise document management to IT operations and compliance.  Continue Reading

• HITECH FAQ: What is the impact of the HITECH Act on IT operations?

  This resource provides answers and resources to frequently asked questions regarding the Health Information Technology for Economic and Clinical Health (HITECH) Act.  Continue Reading

• PCI DSS FAQ: The Payment Card Industry Data Security Standard and IT

  This resource provides answers and resources to frequently asked questions regarding the Payment Card Industry Data Security Standard (PCI DSS).  Continue Reading

• FAQ: What is the impact of e-discovery law on IT operations?

  This FAQ provides guidance to IT professionals on e-discovery law, including how it affects IT operations, who it affects, what's required and what penalties can be applied.  Continue Reading

• The right business strategy for corporate social responsibility

  Something happens when the word "sustainability" comes up. People become fixated on the environmental aspects of corporate social responsibility and forget about the economics.  Continue Reading

• Chapter excerpt: The Three Core Disciplines of IT Risk Management

  IT risk management is built on a well-structured foundation of IT assets, a well-designed and executed risk governance process and a risk-aware culture.  Continue Reading

• FAQ: What is the impact of HIPAA on IT operations?

  This FAQ provides guidance on how the Health Insurance Portability and Accountability Act affects IT operations, including what is required and what penalties are applied.  Continue Reading

• FAQ: What is the impact of Sarbanes-Oxley on IT operations?

  This FAQ provides guidance to IT professionals on how Sarbanes-Oxley (SOX) affects IT operations, including who it affects, what is required and what penalties are applied.  Continue Reading