Manage

Manage

Learn to apply best practices and optimize your operations.

• Use ISO 22332 to improve business continuity plans

  Standards offer guidance on business continuity and disaster recovery plans. ISO 22332 is no exception, providing great detail on how to prepare and execute a BC plan. Continue Reading

• An adequacy audit checklist to assess project performance

  Adequacy audits are conducted to assess the efficacy of IT system controls and identify areas for performance or other improvements. Use this audit checklist to get started. Continue Reading

• How to successfully automate GRC systems in 7 steps

  There is more to automating GRC programs than technology alone. This implementation roadmap helps IT leaders effectively plan, deploy and monitor GRC activities and tools. Continue Reading

• 7 free GRC tools every compliance professional should know about

  All organizations need to meet a variety of regulatory compliance requirements, but they don't all have the budget for GRC software. Learn about seven free, open source options. Continue Reading

• Understanding BC, resilience standards and how to comply

  Follow these nine steps to first identify relevant business continuity and resilience standards and, second, launch a successful compliance program at your organization. Continue Reading

• How compliance provides stakeholders evidence of success

  Company stakeholders know the importance of corporate compliance. Here's why gauging compliance stakeholders' expectations helps ensure regulatory processes will satisfy them.Continue Reading

• Why SLA compliance should be top of mind for IT leaders

  Service-level agreements are critical to measuring agreed-upon metrics and ensuring accountability of both parties. Learn more about the importance of SLA compliance in IT.Continue Reading

• 5 PCI DSS best practices to improve compliance

  Increased rates of PCI noncompliance are worth examining, as are PCI DSS best practices and tips for small and medium-sized companies. Read more in-depth compliance coverage here.Continue Reading

• Prep a compliance audit checklist that auditors want to see

  Think your enterprise is ready for its compliance audit? Check off key points in this compliance audit preparation checklist to ensure it has all the resources needed to help auditors do their job.Continue Reading

• IoT compliance standards and how to comply

  To address IoT security concerns, it is critical for IT leaders to adhere to IoT compliance standards. Learn more about IoT compliance and its IT-relevant standards.Continue Reading

• 5 steps to determine residual risk during the assessment process

  Even the best security controls have data management gaps that create risk. Here are steps to identify and offset residual risk during an assessment.Continue Reading

• Ensure IAM compliance by wielding key controls and resources

  IAM compliance is a top priority for CIOs. Read up on IAM standards and regulations, and learn how to implement IAM controls to best stay compliant.Continue Reading

• AI transparency mandates essential to protect private data

  As AI use permeates industry, governments are updating laws to keep pace with the technology. AI transparency will be essential to ensure privacy and avoid risk to civil liberties.Continue Reading

• Plan and implement a GRC framework with this checklist

  Whether planning or updating your governance, risk and compliance program, use this guide to help simplify the initiative and successfully implement a GRC framework.Continue Reading

• Balance fraud compliance and prevention with these tips

  IT leaders must be vigilant against cyberfraud. Use this list of fraud compliance statutes and prevention tips to protect IT resources, customers and your company's reputation.Continue Reading

• Privacy controls to meet CCPA compliance requirements

  Existing risk management programs are a solid foundation for CCPA compliance requirements. Learn the privacy controls needed to remain CCPA-compliant and improve IT security.Continue Reading

• Why better data visibility is necessary for your business

  Lack of visibility into growing volumes of data leaves organizations at a privacy compliance and business disadvantage, but new data governance rules can help.Continue Reading

• GDPR compliance benefits emerge a year and a half later

  While some may see GDPR as a set of restrictions, it can improve business practices. Learn more about the GDPR compliance benefits.Continue Reading

• Designing secure, compliant identity access and management

  Desperately seeking secure IAM? You're not alone, and it gets extra tricky when biometrics are involved. Learn to employ modes of modern identity management and still stay compliant.Continue Reading

• IAM-driven biometrics in security requires adjustments

  IAM is foundational to cybersecurity, but the latest systems use biometrics and other personal data. Learn how to cope with the resulting compliance and privacy issues.Continue Reading

• Biometric data privacy, ethical questions complicate modern IAM

  Use of biometrics in IAM systems may help secure company systems and data, but it also raises privacy issues. Here's how to keep both your security and ethical standards high.Continue Reading

• Regs create blueprint for industrial controls, IoT and IIoT

  Protecting devices associated with industrial control systems, IoT and IIoT presents many challenges, but wide-ranging regulatory mandates can help guide cybersecurity processes.Continue Reading

• How PCI DSS compliance milestones can be a GDPR measuring stick

  Constantly evolving regulations can cause confusion for security officers, but sometimes, there is process overlap. Here's how achieving compliance with PCI DSS can help meet GDPR mandates.Continue Reading

• Protect customer data with these 5 essential steps

  Engagement with customers inevitably yields a trove of sensitive data. Learn the key steps you should take to stay compliant and secure in an era of virtual business.Continue Reading

• Lack of U.S. cryptocurrency regulation invites risk

  Daniel Allen explains how a lack of U.S. cryptocurrency regulation increases exploitation vulnerabilities, and shares his ideas for implementing regulatory oversight.Continue Reading

• SEC's iXBRL requirements met with optimism -- and trepidation

  Compliance with the SEC's new Inline XBRL requirements will change financial reporting processes. The benefits are there, but not everyone is optimistic about the change.Continue Reading

• 4 steps to remain compliant with SOX data retention policies

  Data retention policy is inherent to Sarbanes-Oxley Act compliance. In this tip, learn SOX data retention best practices to remain regulatory compliant.Continue Reading

• Compliance rules usher in new era for personal data privacy policy

  With the rollout of data privacy regulations, individual data rights and the right to be forgotten are forcing organizations to re-examine how they handle customer information.Continue Reading

• AI security tech is making waves in incident response

  Experts weigh in on the latest smart cybersecurity tools -- how they work, the implications for your IT security team and whether the investment is worth the expense.Continue Reading

• To improve incident response capability, start with the right CSIRT

  Is your organization ready to build a computer security incident response team? Here are the questions that should be answered when building a CSIRT to maximize incident response capability.Continue Reading

• How can companies implement ITSM compliance standards?

  In this Ask the Expert, IT governance expert Jeffrey Ritter discusses his formula to successfully align new technology with ITSM compliance standards -- all while minimizing risk.Continue Reading

• How can a compliance strategy improve customer trust?

  Privacy compliance strategy can help build consumer trust and improve security if companies stop looking at the regulations as an obstacle and more as a business opportunity.Continue Reading

• Identify gaps in cybersecurity processes to reduce organizational risk

  Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses.Continue Reading

• Metrics vital to insider threat prevention and mitigation

  Insider threat prevention has become inherent to cybersecurity strategy, but companies must use the right metrics to determine whether their efforts are working.Continue Reading

• Cybersecurity governance falls short amid rising security budgets

  Companies still struggle to adapt risk management strategies to face modern threats, but maturing their cybersecurity governance processes is a step in the right direction.Continue Reading

• Graph databases could prove invaluable to fraud investigation process

  The fraud investigation process remains complicated for companies, but graph databases' information management techniques can help collect and manage valuable evidentiary data.Continue Reading

• Virtual containers help refocus modern endpoint security strategy

  As companies struggle to protect constantly expanding attack surfaces, virtual containers could quickly become essential to companies' endpoint security strategy.Continue Reading

• Enterprise CISOs face cybersecurity skills shortage

  Recent studies show that as cyber threats evolve, CISOs will face a cybersecurity talent shortage and an increasingly integral role in company processes.Continue Reading

• Enterprise cybersecurity strategies: Devising resolutions for 2017

  Companies can expect data threats to proliferate in 2017. To help, security experts outline resolutions organizations should make to bolster their cybersecurity strategies.Continue Reading

• DFARS compliance targets 'controlled unclassified information'

  Contractors have until the end of 2017 to meet DFARS compliance rules that put cybersecurity safeguards on what the U.S. government calls 'controlled unclassified information.'Continue Reading

• Enterprise information security and privacy reliant on culture

  Human error remains a threat to data, but privacy advocate Grace Buckler says setting the tone with company culture can offset enterprise information security and privacy risks.Continue Reading

• Data anonymization techniques less reliable in era of big data

  Data anonymization techniques are designed to preserve privacy of shared data, but do they work with high-dimensional data? Here's what experts have to say.Continue Reading

• The business case for IG investments in a post-regulatory world

  Continued calls for deregulation may sound like death knell for information governance, but IG investments may prove to be more vital than ever to businesses in 2017 and beyond.Continue Reading

• Mitigating insider threats remains a major cyber concern

  Expert panelists at the Cambridge Cyber Summit briefed the audience on some of the steps that organizations should implement for mitigating insider threats.Continue Reading

• FAQ: What are the EU-U.S. Privacy Shield compliance requirements?

  In this SearchCompliance FAQ, learn details about how the EU-U.S. Privacy Shield data protection requirements strive to raise consumer privacy standards.Continue Reading

• Q&A: With ransomware threat on the rise, is IoT the next victim?

  Etay Maor, executive security advisor at IBM, discusses the growing ransomware threat and why IoT could be the next ransomware target.Continue Reading

• Evolving tech forces fresh look at IT security processes

  In this Q&A, vArmour CISO Demetrios Lazarikos discusses how rapidly advancing technology is influencing how companies plan and train employees on new IT security processes.Continue Reading

• Q&A: How the deep web is used to exploit protected health information

  ICIT Fellow Robert Lord discusses the exploitation of protected health information on the deep web and gives cybersecurity tips on how to best protect these valuable records.Continue Reading

• Compliance records provide fuel for big data analytics

  Well-designed compliance records management can generate new business revenue for businesses by feeding big data analytics engines valuable data.Continue Reading

• Ransomware mitigation strategies include paying up

  Ransomware mitigation strategies should be a top business priority as the malware becomes increasingly common. But sometimes, paying up might be the only option.Continue Reading

• Digital governance and compliance tactics for the regulated business

  Digitization has become a fact life for businesses, but the increased data volumes and associated information security risks puts a strain on digital governance, risk and compliance (GRC) resources. Businesses have struggled as unprecedented data ...Continue Reading

• Aligning IT and compliance procedures increasingly a business priority

  Companies' regulatory management and tech teams often still operate independently, but businesses are starting to recognize the benefits of IT and compliance procedure alignment.Continue Reading

• FAQ: What are the International Cybersecurity Principles?

  A consortium of financial services associations is calling for international cybersecurity standards to help avoid conflicting compliance mandates across global markets.Continue Reading

• Verizon: Human error still among the top data security threats

  Verizon's 2016 Data Breach Investigations Report found human vulnerabilities and errors continue to be among companies' top data security threats.Continue Reading

• Data protection compliance boosts security, bottom line

  Data protection rules not only help keep companies regulatory compliant, but can also improve network security -- and maybe even the bottom line.Continue Reading

• Regulating big data: Monitoring systems to create new wealth

  Regulating big data to maintain compliance has become a big part of information governance, but can GRC processes also help generate new revenue?Continue Reading

• Big data intelligence increasingly a business, governance priority

  In this Q&A, Jeffrey Ritter discusses how the quest for big data intelligence is forcing governance professionals to move beyond GRC gatekeeping.Continue Reading

• Five reasons to invest in ISO 27001 and other security certifications

  Kyle Anixter, PMO manager of IT services at Curvature, discusses the business benefits of ISO 27001 certification that go beyond just data security.Continue Reading

• Can U.S. states fill the gaps in consumer privacy regulation?

  Because of the slow pace of federal policymaking, companies must rely on state legislators for guidance to protect consumer data. But privacy regulation at the state level has its challenges.Continue Reading

• Lack of digital governance rules leaves consumer privacy at risk

  Consumer data usage in the U.S. is currently governed by a patchwork of privacy legislation that can't keep up with the digital marketplace and leaves consumers at risk. A consumer bill of rights could be the first step to address this problem.Continue Reading

• Cybersecurity insurance policies gain popularity as threats persist

  Companies are increasingly turning to liability coverage to protect data assets, but questions remain for the nascent cybersecurity insurance industry.Continue Reading

• Drawing business value from GRC analytics

  Governance, risk and compliance processes face numerous complications in the digital age. Companies' data volumes continue to grow exponentially, while information security threats and regulatory mandates constantly evolve. Digitization does have ...Continue Reading

• Analytics data aids healthcare fraud prevention and detection

  Data analytics strategies are proving useful to help combat healthcare fraud, and the proactive techniques could benefit a wide range of industries.Continue Reading

• Compliance culture: FINRA shifts regulatory focus

  Finance industry regulators have shifted gears in 2016, moving away from checkbox-style regulations and focusing on companies' compliance culture.Continue Reading

• Managing cybersecurity and supply chain risks: The board's role

  Cybersecurity and supply chain risks are drawing more attention from senior management and board members, but many companies fall short with accountability.Continue Reading

• Book excerpt: Achieving digital trust in the information age

  In this book excerpt, Jeffrey Ritter explains the essential attributes of digital trust and why it's so important to business success in the information age.Continue Reading

• FTC: Analyzing big data creates discrimination risk

  Big data analytics provides several business benefits but could also discriminate against certain individuals and violate consumer data protection rules.Continue Reading

• Negligence, accidents put insider threat protection at risk

  Malicious employees are usually the focus of insider threat protection efforts, but accidents and negligence are often overlooked data security threats.Continue Reading

• New data classifications vital to information governance and security

  Businesses have invested heavily in information governance and security, and embracing three new data classifications could prove beneficial in 2016.Continue Reading

• The steps to effective cybersecurity incident response

  Planning and foresight are essential to any cybersecurity incident response plan. Follow these steps to make sure you're ready for a data breach.Continue Reading

• Data protection and security incident response when all information is a target

  Data breaches have become increasingly commonplace for businesses, and every company that has an online presence is a potential target for hackers: High-profile hacks of Target Corp. and Anthem Inc., to name a few, show how valuable personal data ...Continue Reading

• Information governance 2015: The year of digital evidence as truth

  Businesses saw major shifts to their information governance 2015 processes as legal and compliance rules more heavily relied on digital evidence as truth.Continue Reading

• Training, legal input key to information security and privacy balance

  Businesses often struggle with balancing security and privacy, but building PII management mandates into data protection efforts is a good place to start.Continue Reading

• Data protection requirements start with firm grasp of GRC needs

  Corporate data protection requirements are complex, but determining a company's unique GRC needs is an essential first step to information security.Continue Reading

• Cybersecurity and privacy compliance: The delicate balance

  As information has transformed into a huge business asset for modern companies, it has come at a price: Data is now a target for hackers seeking sensitive information about enterprises and their customers. This new online data security focus has ...Continue Reading

• As threats to data spread, security info sharing debate heats up

  New laws encourage cybersecurity information sharing between the public and private sector, but will the data protection measures infringe on privacy?Continue Reading

• 'Going dark': Weighing the public safety costs of end-to-end encryption

  'Going dark' -- or the FBI's inability to access data because of encryption -- could put public safety at risk, intelligence officials say. But tech companies argue that strong encryption is needed to protect corporate and customer data.Continue Reading

• Cybersecurity risk management benefits from analytics, reporting

  Data breaches continue to threaten businesses, but companies are turning to data analytics to help identify vulnerabilities and make cybersecurity risk management more efficient.Continue Reading

• Threats to cloud data security remain a business concern

  As threats to cloud data security continue to evolve, businesses must stay on their toes and incorporate front- and back-end processes to make sure their information is protected.Continue Reading

• Cloud risk management: Governance strategies to protect digital assets

  As the digital age continues to strain information governance budgets, many companies have turned to the cloud to reduce data storage costs: Market analyst firm IDC predicts spending on public cloud services will exceed $127 billion in 2018, ...Continue Reading

• Corporate customers play big role in cloud data loss prevention

  Cloud providers have made big information security strides, but their corporate customers still have to play their part in cloud data loss prevention.Continue Reading

• Governance needs shift as digital evidence in court becomes common

  Digital, computer-generated records have been used as evidence in recent court cases, and the trend could cause major changes for corporate data governance.Continue Reading

• Are cloud-based data warehousing and business analytics worth the risk?

  Cloud services have become a popular cost-saving option for businesses, but they must be careful to protect against constantly evolving data risk.Continue Reading

• For reliable digital evidence, information governance strategy required

  Computers are increasingly called as witnesses in court cases, forcing companies to ensure information governance processes are able to produce reliable digital evidence.Continue Reading

• Five steps to establishing a big data governance policy

  Modern companies generate and store an unprecedented amount of big data, but an information governance policy can help businesses stay compliant and reap the benefits of their digital assets.Continue Reading

• Use data governance policy to facilitate compliance initiatives

  Regulations continue to strain corporate resources, but incorporating data governance policy rules into GRC initiatives can help businesses improve information quality and remain compliant.Continue Reading

• Mobile data security creates big governance challenges

  As devices are used for increasingly complex processes, data becomes more vulnerable to loss. To keep pace, IT and security executives are developing comprehensive mobile data security plans and implementing stronger technology solutions.Continue Reading

• Data governance in the digital age

  In the digital age, companies are generating, storing and maintaining a sometimes overwhelming amount of "big data." The trend has forced companies to alter -- and sometimes completely revamp -- information governance strategy. The constant threat ...Continue Reading

• IT security best practices: Classification essential for big data

  As threats and regulations evolve, smart information governance strategies have become essential to data security and compliance in the digital age.Continue Reading

• The data governance keys to successful GRC automation

  Compliance officers have typically equipped themselves with spreadsheets to track compliance and manage audits, but the scope and complexity of today's regulatory environment stretch traditional methods to its limits. More organizations are ...Continue Reading

• Mobility gets boost from automated compliance management systems

  In this tip, learn how automated compliance management can overcome enterprise mobility complications and save valuable company resources.Continue Reading

• Tackling top regulation compliance challenges

  In this slideshow, get guidance on overcoming some of the top regulation compliance challenges of 2015.Continue Reading

• New tactics for improving critical infrastructure cybersecurity pushed by MIT consortium

  The MIT Sloan School of Management has launched a consortium that touts interdisciplinary research and cooperation as keys to improving cybersecurity.Continue Reading

• Data currency: Five steps to get max value from digital assets

  In this tip, learn digital information management strategies to take advantage of the growing data as currency movement.Continue Reading

• GRC automation: Flexibility, planning vital to success says Aflac CISO

  Aflac CISO Tim Callahan discusses the extensive planning required for the insurance giant to successfully roll out GRC automation processes.Continue Reading

• Regulation SCI creates new compliance focus for IT records and systems

  Regulation SCI requires that covered entities follow specific IT procedures, and could preview new levels of digital system compliance for the private sector.Continue Reading

• MDM policy helps protect information, mitigate security risk

  Enterprise mobility expert Bryan Barringer discusses the evolution of mobile device management and the data security benefits of MDM policy development.Continue Reading

• Fresh look at governance required to maximize information as an asset

  IGI founder Barclay T. Blair discusses lacking efforts to make information a business asset, and the initial steps required to maximize data value.Continue Reading

• For IT security and compliance jobs, experience a must

  The high demand for IT security and compliance is forcing companies to decide how previous job experience can offset the GRC skills shortage.Continue Reading

• Critical infrastructure compliance benefits from situational awareness

  For critical infrastructure, a combination of situational awareness and compliance could be the best approach to industrial control system security.Continue Reading