Manage
Learn to apply best practices and optimize your operations.
Manage
Learn to apply best practices and optimize your operations.
7 free GRC tools every compliance professional should know about
All organizations need to meet a variety of regulatory compliance requirements, but they don't all have the budget for GRC software. Learn about seven free, open source options. Continue Reading
Understanding BC, resilience standards and how to comply
Follow these nine steps to first identify relevant business continuity and resilience standards and, second, launch a successful compliance program at your organization. Continue Reading
How compliance provides stakeholders evidence of success
Company stakeholders know the importance of corporate compliance. Here's why gauging compliance stakeholders' expectations helps ensure regulatory processes will satisfy them. Continue Reading
-
Why SLA compliance should be top of mind for IT leaders
Service-level agreements are critical to measuring agreed-upon metrics and ensuring accountability of both parties. Learn more about the importance of SLA compliance in IT. Continue Reading
5 PCI DSS best practices to improve compliance
Increased rates of PCI noncompliance are worth examining, as are PCI DSS best practices and tips for small and medium-sized companies. Read more in-depth compliance coverage here. Continue Reading
Prep a compliance audit checklist that auditors want to see
Think your enterprise is ready for its compliance audit? Check off key points in this compliance audit preparation checklist to ensure it has all the resources needed to help auditors do their job.Continue Reading
IoT compliance standards and how to comply
To address IoT security concerns, it is critical for IT leaders to adhere to IoT compliance standards. Learn more about IoT compliance and its IT-relevant standards.Continue Reading
5 steps to determine residual risk during the assessment process
Even the best security controls have data management gaps that create risk. Here are steps to identify and offset residual risk during an assessment.Continue Reading
Ensure IAM compliance by wielding key controls and resources
IAM compliance is a top priority for CIOs. Read up on IAM standards and regulations, and learn how to implement IAM controls to best stay compliant.Continue Reading
AI transparency mandates essential to protect private data
As AI use permeates industry, governments are updating laws to keep pace with the technology. AI transparency will be essential to ensure privacy and avoid risk to civil liberties.Continue Reading
-
Plan and implement a GRC framework with this checklist
Whether planning or updating your governance, risk and compliance program, use this guide to help simplify the initiative and successfully implement a GRC framework.Continue Reading
Balance fraud compliance and prevention with these tips
IT leaders must be vigilant against cyberfraud. Use this list of fraud compliance statutes and prevention tips to protect IT resources, customers and your company's reputation.Continue Reading
Privacy controls to meet CCPA compliance requirements
Existing risk management programs are a solid foundation for CCPA compliance requirements. Learn the privacy controls needed to remain CCPA-compliant and improve IT security.Continue Reading
Why better data visibility is necessary for your business
Lack of visibility into growing volumes of data leaves organizations at a privacy compliance and business disadvantage, but new data governance rules can help.Continue Reading
GDPR compliance benefits emerge a year and a half later
While some may see GDPR as a set of restrictions, it can improve business practices. Learn more about the GDPR compliance benefits.Continue Reading
Designing secure, compliant identity access and management
Desperately seeking secure IAM? You're not alone, and it gets extra tricky when biometrics are involved. Learn to employ modes of modern identity management and still stay compliant.Continue Reading
IAM-driven biometrics in security requires adjustments
IAM is foundational to cybersecurity, but the latest systems use biometrics and other personal data. Learn how to cope with the resulting compliance and privacy issues.Continue Reading
Biometric data privacy, ethical questions complicate modern IAM
Use of biometrics in IAM systems may help secure company systems and data, but it also raises privacy issues. Here's how to keep both your security and ethical standards high.Continue Reading
Regs create blueprint for industrial controls, IoT and IIoT
Protecting devices associated with industrial control systems, IoT and IIoT presents many challenges, but wide-ranging regulatory mandates can help guide cybersecurity processes.Continue Reading
How PCI DSS compliance milestones can be a GDPR measuring stick
Constantly evolving regulations can cause confusion for security officers, but sometimes, there is process overlap. Here's how achieving compliance with PCI DSS can help meet GDPR mandates.Continue Reading
Protect customer data with these 5 essential steps
Engagement with customers inevitably yields a trove of sensitive data. Learn the key steps you should take to stay compliant and secure in an era of virtual business.Continue Reading
Lack of U.S. cryptocurrency regulation invites risk
Daniel Allen explains how a lack of U.S. cryptocurrency regulation increases exploitation vulnerabilities, and shares his ideas for implementing regulatory oversight.Continue Reading
SEC's iXBRL requirements met with optimism -- and trepidation
Compliance with the SEC's new Inline XBRL requirements will change financial reporting processes. The benefits are there, but not everyone is optimistic about the change.Continue Reading
4 steps to remain compliant with SOX data retention policies
Data retention policy is inherent to Sarbanes-Oxley Act compliance. In this tip, learn SOX data retention best practices to remain regulatory compliant.Continue Reading
Compliance rules usher in new era for personal data privacy policy
With the rollout of data privacy regulations, individual data rights and the right to be forgotten are forcing organizations to re-examine how they handle customer information.Continue Reading
AI security tech is making waves in incident response
Experts weigh in on the latest smart cybersecurity tools -- how they work, the implications for your IT security team and whether the investment is worth the expense.Continue Reading
To improve incident response capability, start with the right CSIRT
Is your organization ready to build a computer security incident response team? Here are the questions that should be answered when building a CSIRT to maximize incident response capability.Continue Reading
How can companies implement ITSM compliance standards?
In this Ask the Expert, IT governance expert Jeffrey Ritter discusses his formula to successfully align new technology with ITSM compliance standards -- all while minimizing risk.Continue Reading
How can a compliance strategy improve customer trust?
Privacy compliance strategy can help build consumer trust and improve security if companies stop looking at the regulations as an obstacle and more as a business opportunity.Continue Reading
Identify gaps in cybersecurity processes to reduce organizational risk
Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses.Continue Reading
Metrics vital to insider threat prevention and mitigation
Insider threat prevention has become inherent to cybersecurity strategy, but companies must use the right metrics to determine whether their efforts are working.Continue Reading
Cybersecurity governance falls short amid rising security budgets
Companies still struggle to adapt risk management strategies to face modern threats, but maturing their cybersecurity governance processes is a step in the right direction.Continue Reading
Graph databases could prove invaluable to fraud investigation process
The fraud investigation process remains complicated for companies, but graph databases' information management techniques can help collect and manage valuable evidentiary data.Continue Reading
Virtual containers help refocus modern endpoint security strategy
As companies struggle to protect constantly expanding attack surfaces, virtual containers could quickly become essential to companies' endpoint security strategy.Continue Reading
Mobile endpoints require new look at cybersecurity awareness training
In this webcast, learn how non-traditional mobile endpoints are forcing organizations to re-examine their data protection techniques, including cybersecurity awareness training.Continue Reading
Q&A: Mitigating enterprise security threats
Security expert Georgia Weidman explains how enterprise mobility and the IoT are fueling enterprise security threats and offers pointers on fortifying cybersecurity strategies.Continue Reading
Modern enterprise cybersecurity further complicated by mobility, IoT
In this webcast, data security expert Georgia Weidman discusses how changing network perimeters create numerous complications for enterprise cybersecurity strategies.Continue Reading
Corporate network: Assumptions vs. reality
Security expert Georgia Weidman explains the assumptions versus the realities of corporate network security, and highlights the biggest risk factors facing modern enterprises.Continue Reading
Enterprise CISOs face cybersecurity skills shortage
Recent studies show that as cyber threats evolve, CISOs will face a cybersecurity talent shortage and an increasingly integral role in company processes.Continue Reading
Enterprise cybersecurity strategies: Devising resolutions for 2017
Companies can expect data threats to proliferate in 2017. To help, security experts outline resolutions organizations should make to bolster their cybersecurity strategies.Continue Reading
DFARS compliance targets 'controlled unclassified information'
Contractors have until the end of 2017 to meet DFARS compliance rules that put cybersecurity safeguards on what the U.S. government calls 'controlled unclassified information.'Continue Reading
Enterprise information security and privacy reliant on culture
Human error remains a threat to data, but privacy advocate Grace Buckler says setting the tone with company culture can offset enterprise information security and privacy risks.Continue Reading
Data anonymization techniques less reliable in era of big data
Data anonymization techniques are designed to preserve privacy of shared data, but do they work with high-dimensional data? Here's what experts have to say.Continue Reading
The evolution of technology and IoT
In this webcast, CISO Demetrios Lazarikos discusses IoT's significance in the evolution of technology and its influence in consumers' everyday lives.Continue Reading
IoT security issues and vulnerabilities
In this webcast, CISO Demetrios Lazarikos explains the fear stemming from IoT security issues such as exploitation.Continue Reading
IoT cybersecurity: Q&A
In this webcast, CISO Demetrios Lazarikos answers questions about IoT cybersecurity strategies and best practices.Continue Reading
Webcast: Developing the information security maturity model
In this webcast, CISO Demetrios Lazarikos discusses the information security maturity model and shares a brief history of companies' approach to information security.Continue Reading
Corporate ignorance remains a big cloud information security risk
Despite numerous advancements in cloud-specific data protection technology, some companies remain in the dark about their cloud information security responsibilities.Continue Reading
The business case for IG investments in a post-regulatory world
Continued calls for deregulation may sound like death knell for information governance, but IG investments may prove to be more vital than ever to businesses in 2017 and beyond.Continue Reading
Tabletop cybersecurity exercises essential to infosec training
In this video Q&A, representatives from Delta Risk LLC, discuss why tabletop cybersecurity exercises are hugely beneficial to companies' infosec training programs.Continue Reading
Mitigating insider threats remains a major cyber concern
Expert panelists at the Cambridge Cyber Summit briefed the audience on some of the steps that organizations should implement for mitigating insider threats.Continue Reading
FAQ: What are the EU-U.S. Privacy Shield compliance requirements?
In this SearchCompliance FAQ, learn details about how the EU-U.S. Privacy Shield data protection requirements strive to raise consumer privacy standards.Continue Reading
Q&A: With ransomware threat on the rise, is IoT the next victim?
Etay Maor, executive security advisor at IBM, discusses the growing ransomware threat and why IoT could be the next ransomware target.Continue Reading
Evolving tech forces fresh look at IT security processes
In this Q&A, vArmour CISO Demetrios Lazarikos discusses how rapidly advancing technology is influencing how companies plan and train employees on new IT security processes.Continue Reading
Q&A: How the deep web is used to exploit protected health information
ICIT Fellow Robert Lord discusses the exploitation of protected health information on the deep web and gives cybersecurity tips on how to best protect these valuable records.Continue Reading
Compliance records provide fuel for big data analytics
Well-designed compliance records management can generate new business revenue for businesses by feeding big data analytics engines valuable data.Continue Reading
Ransomware mitigation strategies include paying up
Ransomware mitigation strategies should be a top business priority as the malware becomes increasingly common. But sometimes, paying up might be the only option.Continue Reading
Digital governance and compliance tactics for the regulated business
Digitization has become a fact life for businesses, but the increased data volumes and associated information security risks puts a strain on digital governance, risk and compliance (GRC) resources. Businesses have struggled as unprecedented data ...Continue Reading
Data velocity: Why increased transparency saves time and money
Information governance expert Jeffrey Ritter explains how information transparency is proportional to data velocity, and why increased velocity can save businesses time and money.Continue Reading
Big data mining: Using information governance to create new wealth
Information governance expert Jeffrey Ritter explains how big data mining can be used by businesses to create new wealth by uncovering readily available, valuable intelligence.Continue Reading
Data provenance and the profitability of well-governed information
Information governance expert Jeffrey Ritter explains how businesses can gain profit and operate more efficiently by understanding their data provenance.Continue Reading
Aligning IT and compliance procedures increasingly a business priority
Companies' regulatory management and tech teams often still operate independently, but businesses are starting to recognize the benefits of IT and compliance procedure alignment.Continue Reading
FAQ: What are the International Cybersecurity Principles?
A consortium of financial services associations is calling for international cybersecurity standards to help avoid conflicting compliance mandates across global markets.Continue Reading
Verizon: Human error still among the top data security threats
Verizon's 2016 Data Breach Investigations Report found human vulnerabilities and errors continue to be among companies' top data security threats.Continue Reading
Data protection compliance boosts security, bottom line
Data protection rules not only help keep companies regulatory compliant, but can also improve network security -- and maybe even the bottom line.Continue Reading
Regulating big data: Monitoring systems to create new wealth
Regulating big data to maintain compliance has become a big part of information governance, but can GRC processes also help generate new revenue?Continue Reading
Big data intelligence increasingly a business, governance priority
In this Q&A, Jeffrey Ritter discusses how the quest for big data intelligence is forcing governance professionals to move beyond GRC gatekeeping.Continue Reading
Five reasons to invest in ISO 27001 and other security certifications
Kyle Anixter, PMO manager of IT services at Curvature, discusses the business benefits of ISO 27001 certification that go beyond just data security.Continue Reading
Can U.S. states fill the gaps in consumer privacy regulation?
Because of the slow pace of federal policymaking, companies must rely on state legislators for guidance to protect consumer data. But privacy regulation at the state level has its challenges.Continue Reading
Lack of digital governance rules leaves consumer privacy at risk
Consumer data usage in the U.S. is currently governed by a patchwork of privacy legislation that can't keep up with the digital marketplace and leaves consumers at risk. A consumer bill of rights could be the first step to address this problem.Continue Reading
Cybersecurity insurance policies gain popularity as threats persist
Companies are increasingly turning to liability coverage to protect data assets, but questions remain for the nascent cybersecurity insurance industry.Continue Reading
Drawing business value from GRC analytics
Governance, risk and compliance processes face numerous complications in the digital age. Companies' data volumes continue to grow exponentially, while information security threats and regulatory mandates constantly evolve. Digitization does have ...Continue Reading
Analytics data aids healthcare fraud prevention and detection
Data analytics strategies are proving useful to help combat healthcare fraud, and the proactive techniques could benefit a wide range of industries.Continue Reading
Data governance for legal and regulatory compliance
Digitization is forcing companies to make big changes to information governance processes to ensure data maintains legal and regulatory compliance.Continue Reading
Compliance culture: FINRA shifts regulatory focus
Finance industry regulators have shifted gears in 2016, moving away from checkbox-style regulations and focusing on companies' compliance culture.Continue Reading
Managing cybersecurity and supply chain risks: The board's role
Cybersecurity and supply chain risks are drawing more attention from senior management and board members, but many companies fall short with accountability.Continue Reading
Book excerpt: Achieving digital trust in the information age
In this book excerpt, Jeffrey Ritter explains the essential attributes of digital trust and why it's so important to business success in the information age.Continue Reading
Information security monitoring, analytics for the digital age
In this webcast, learn automated information security monitoring and analytic techniques to protect data in the face of rapidly evolving cyberthreats.Continue Reading
FTC: Analyzing big data creates discrimination risk
Big data analytics provides several business benefits but could also discriminate against certain individuals and violate consumer data protection rules.Continue Reading
Negligence, accidents put insider threat protection at risk
Malicious employees are usually the focus of insider threat protection efforts, but accidents and negligence are often overlooked data security threats.Continue Reading
End-user security awareness first line of data protection defense
As data threats continue to proliferate in scope and number, end-user security awareness is essential to corporate information protection.Continue Reading
Making the business case for cybersecurity spending
Cybersecurity has become essential to protect data assets, but it is also helping businesses ensure corporate information is accurate and reliable.Continue Reading
New data classifications vital to information governance and security
Businesses have invested heavily in information governance and security, and embracing three new data classifications could prove beneficial in 2016.Continue Reading
The steps to effective cybersecurity incident response
Planning and foresight are essential to any cybersecurity incident response plan. Follow these steps to make sure you're ready for a data breach.Continue Reading
Data protection and security incident response when all information is a target
Data breaches have become increasingly commonplace for businesses, and every company that has an online presence is a potential target for hackers: High-profile hacks of Target Corp. and Anthem Inc., to name a few, show how valuable personal data ...Continue Reading
Information governance 2015: The year of digital evidence as truth
Businesses saw major shifts to their information governance 2015 processes as legal and compliance rules more heavily relied on digital evidence as truth.Continue Reading
Training, legal input key to information security and privacy balance
Businesses often struggle with balancing security and privacy, but building PII management mandates into data protection efforts is a good place to start.Continue Reading
Data protection requirements start with firm grasp of GRC needs
Corporate data protection requirements are complex, but determining a company's unique GRC needs is an essential first step to information security.Continue Reading
Cybersecurity and privacy compliance: The delicate balance
As information has transformed into a huge business asset for modern companies, it has come at a price: Data is now a target for hackers seeking sensitive information about enterprises and their customers. This new online data security focus has ...Continue Reading
As threats to data spread, security info sharing debate heats up
New laws encourage cybersecurity information sharing between the public and private sector, but will the data protection measures infringe on privacy?Continue Reading
'Going dark': Weighing the public safety costs of end-to-end encryption
'Going dark' -- or the FBI's inability to access data because of encryption -- could put public safety at risk, intelligence officials say. But tech companies argue that strong encryption is needed to protect corporate and customer data.Continue Reading
Mobile application vulnerabilities remain a forgotten security threat
Despite an increased focus on data security protection, mobile application vulnerabilities are still often overlooked by both businesses and consumers.Continue Reading
Cybersecurity risk management benefits from analytics, reporting
Data breaches continue to threaten businesses, but companies are turning to data analytics to help identify vulnerabilities and make cybersecurity risk management more efficient.Continue Reading
Threats to cloud data security remain a business concern
As threats to cloud data security continue to evolve, businesses must stay on their toes and incorporate front- and back-end processes to make sure their information is protected.Continue Reading
Cloud risk management: Governance strategies to protect digital assets
As the digital age continues to strain information governance budgets, many companies have turned to the cloud to reduce data storage costs: Market analyst firm IDC predicts spending on public cloud services will exceed $127 billion in 2018, ...Continue Reading
Corporate customers play big role in cloud data loss prevention
Cloud providers have made big information security strides, but their corporate customers still have to play their part in cloud data loss prevention.Continue Reading
Governance needs shift as digital evidence in court becomes common
Digital, computer-generated records have been used as evidence in recent court cases, and the trend could cause major changes for corporate data governance.Continue Reading
Are cloud-based data warehousing and business analytics worth the risk?
Cloud services have become a popular cost-saving option for businesses, but they must be careful to protect against constantly evolving data risk.Continue Reading
For reliable digital evidence, information governance strategy required
Computers are increasingly called as witnesses in court cases, forcing companies to ensure information governance processes are able to produce reliable digital evidence.Continue Reading
Five steps to establishing a big data governance policy
Modern companies generate and store an unprecedented amount of big data, but an information governance policy can help businesses stay compliant and reap the benefits of their digital assets.Continue Reading