Manage

Manage

Learn to apply best practices and optimize your operations.

• Priorities for your sound regulatory compliance management policy

  A sound regulatory compliance management strategy must have its priorities in order, including document management, security standards and leadership. Continue Reading

• Data loss prevention technology matures but is still no cure-all

  Data loss prevention technology shows signs of maturation and is proving to be flexible for meeting regulatory compliance mandates. Continue Reading

• HIPAA-covered entities' first step should be a quality assurance plan

  HIPAA-covered entities must leverage or install a good QA team, an effort that should be driven from the top down and be part of the strategic plan of the technology organization. Continue Reading

• Discovery of data breach under HITECH raises big compliance questions

  The new HHS data breach discovery rule under the HITECH Act is specific, so determining exactly when a breach has been discovered becomes critically important. Continue Reading

• D.C. CTO sees compliance, cost savings benefits to cloud computing

  The CTO for the District of Columbia is staying compliant while finding cost savings and ROI through his cloud computing platform. Continue Reading

• Does using ISO 27000 to comply with PCI DSS make for better security?

  PCI DSS is under fire for not providing enough security in the process of securing credit card data. Using ISO 27000 to complement PCI may provide better compliance and security.Continue Reading

• Online privacy: New rules for melding e-commerce and information

  E-commerce has redefined individual privacy, and compliance and security officers need to practice some viral marketing to convince users online privacy is serious business.Continue Reading

• Security and compliance can go together, when done in the right order

  You can have security and still not be in compliance -- but you can't have true compliance without real security. How to avoid getting caught in the security and compliance trap.Continue Reading

• Be ready for electronic discovery with a records retention policy

  Email does not drive records retention policy -- it's about what's in the email. With a few simple steps you can help prevent electronic discovery surprises and costly fines.Continue Reading

• Are mandatory business continuity management standards good business?

  Compliance with business continuity management standards demonstrates that a company is committed to protecting its business -- but the U.S. falls short of making BCM mandatory.Continue Reading

• Nonprofits are working to maintain donor trust with PCI compliance

  For nonprofits that process electronic payments, achieving PCI compliance is a matter of both trust and security.Continue Reading

• PCI DSS compliance fails to raise the bar on financial fraud

  Experts say PCI DSS compliance doesn't prevent sophisticated online financial fraud schemes. Security and compliance managers need to go beyond the standard.Continue Reading

• HIPAA-covered entities, business associates confront HITECH rules

  How HIPAA covered entities and HIPAA business associates should implement new, tougher health care and data privacy rules set by the HITECH Act.Continue Reading

• PCI DSS compliance requires new vendor management strategy

  Requirement 12.8 requires a better vendor management strategy for PCI DSS compliance.Continue Reading

• PCI DSS compliance requires better management of vendor risk

  PCI DSS Requirement 12.8 requires organizations to measure and mitigate vendor risk.Continue Reading

• Energy efficiency, carbon driving sustainable business development

  Marrying energy efficiency opportunities with alternative energy and carbon management is enabling sustainable business development in a way that has not been possible before.Continue Reading

• Architect preventative compliance controls for best risk management

  Controls are a key part of your compliance and risk management strategy, but which controls are the right ones for your organization?Continue Reading

• Run encryption the right way to ensure wireless network security

  You may be compliant by enabling WPA or WPA2 encryption for wireless network security, but you won't be secure unless you implement strong password security.Continue Reading

• What's the Massachusetts data protection law and what does it require?

  Massachusetts' data protection law, 201 CMR 17.00, focuses on prevention rather than notification. Here are the technologies and policies you'll need for compliance.Continue Reading

• State data protection laws offer opportunity for proactive companies

  Despite appearances, the Massachusetts data protection law does offer opportunities for those who act proactively.Continue Reading

• Social media platforms demand a clear employee Internet use policy

  Social media platforms make it easier than ever for employees to post information that could be harmful to your business. Here are some steps to take.Continue Reading

• Effective techniques for continuity risk management, measurement

  There is no magic formula for measuring continuity risk. In the end, risk measurement is a process, not a formula. Here are some tips that can help you be as accurate as possible.Continue Reading

• Data security: The missing piece of e-discovery (but not for long)

  There's an elephant in the e-discovery room: data security, in the form of porous networks, sophisticated hackers, malicious insiders and altered electronic records.Continue Reading

• E-discover the gaps in your information management process

  Information management processes are the biggest IT-related weakness in any given organization, but they can be strengthened by clearly defined retention policies.Continue Reading

• Discovery process puts onus on electronic records management tools

  Electronic records are now considered equivalent to paper records in the discovery process for regulatory compliance or legal cases, but new search tools are available to help.Continue Reading

• The right business strategy for corporate social responsibility

  Something happens when the word "sustainability" comes up. People become fixated on the environmental aspects of corporate social responsibility and forget about the economics.Continue Reading

• A compliance officer, secure network aren't enough for real compliance

  Compliance is in the eye of the beholder until a business claims more than a compliance officer and a secure network. Learn what to do to be on the road to "real" compliance.Continue Reading

• Electronic discovery critical to health of company, IT organization

  Electronic discovery can turn into an e-nightmare. But an efficient and lean IT organization and a good litigation contingency plan is the key to sustained success.Continue Reading

• Critical infrastructure at risk to cyberattacks: What you can do

  With critical infrastructure a priority for the Obama administration, the security of SCADA systems against cyberattacks is getting long overdue attention.Continue Reading

• Comparing how-to guides for business continuity standards

  What needs to be done to comply with business continuity standards? First, perform a risk assessment, then define your business continuity strategy.Continue Reading

• Nevada toughens data protection law with crypto, PCI requirements

  Nevada was one of the first states in the nation to pass a comprehensive data protection law, and it just got tougher for criminals -- and IT professionals.Continue Reading

• Chapter excerpt: Decision-making processes and IT governance

  Find out how sound decision-making processes form the foundation of IT governance policies by allocating decision rights and accountability.Continue Reading

• Business model risk is a key part of your risk management strategy

  Management consultants Amit Sen and John Vaughan discuss business model risk, a way to apply risk management policies to new or changed business processes.Continue Reading

• How to mitigate operational, compliance risk of outsourcing services

  Companies must have an approach to evaluating partner risk, the level of risk of both the service and the provider, and the adequacy of the security practices of the provider.Continue Reading

• Applying risk assessment to your disaster recovery plan

  Before implementing a disaster recovery plan, perform a comprehensive risk assessment of all the potential vulnerabilities your business faces.Continue Reading

• HIPAA becoming a standard for data protection regulations

  HIPAA's jurisdiction is widening as more businesses, organizations and schools provide direct healthcare services to their employees or students.Continue Reading

• What's in the White House Cyberspace Policy Review you need to know?

  The White House Cyberspace Policy Review includes recommendations that could fundamentally change the approach to security for U.S. business and organizations.Continue Reading

• Chapter excerpt: The Three Core Disciplines of IT Risk Management

  IT risk management is built on a well-structured foundation of IT assets, a well-designed and executed risk governance process and a risk-aware culture.Continue Reading

• Dumped patient records underscore tougher HIPAA compliance rules

  Health care providers who have played fast and loose with HIPAA compliance are in for a rude awakening, as a feistier DHHS seeks to enforce stronger HIPAA provisions and penalties.Continue Reading

• Why it may not be ideal for your lawyer to be your compliance officer

  While lawyers bring a certain expertise to the table, business leaders need a broader range of technical, security and communications skills in their compliance officers.Continue Reading

• Leveraging your business intelligence resources for compliance

  Business intelligence technology can help CIOs and IT teams organize and manage compliance data into a compliance data system.Continue Reading

• Are you out of the loop on state data breach notification laws?

  Many companies are greeting emerging state data breach notification laws with blank stares, but doing nothing is not the solution.Continue Reading

• Enforcement date for FACT's Red Flags Rule approaches

  The Red Flags Rule, which mandates companies develop methods by which they will identify, detect and respond to identity theft incidents, is set to go into effect May 1.Continue Reading

• HIPAA criminal convictions outpace sanctions

  Despite several years as law, HIPAA has resulted in only two sanctions to organizations, but there have been eight criminal convictions from the use of stolen health care data.Continue Reading

• HIPAA enforcement, more government audits leading to more convictions

  Health care providers are taking steps to fight data thefts while agencies improve audits and HIPAA enforcement. As a result, convictions are up. Second in a two-part series.Continue Reading

• HIPAA enforcement getting stronger

  Agencies charged with enforcing HIPAA regulations have been slow to set policies for HIPAA compliance reviews and enforcement, but that's about to change. Part one of a series.Continue Reading

• Podcast: New Massachusetts data protection law mandates IT compliance

  In this podcast from SearchCompliance.com, a state CIO and general counsel explain how a strict new Massachusetts data protection law will affect IT compliance and businesses.Continue Reading

• Factor risk management into compliance assessments

  Risk management expert Cass Brewer demonstrates how to use key risk indicators to calculate risk value in organizational compliance assessments.Continue Reading

• Avoid enterprise risk with compliance system controls

  A lack of internal controls over activities and systems can lead to failed compliance initiatives and increased risk to the enterprise.Continue Reading

• Data center virtualization: Four steps to compliance

  Server virtualization, managed data centers and hosted software can affect your company's compliance controls. Here's how to overcome the obstacles.Continue Reading

• Avoid legal issues in disaster's wake

  The legal issues following a disaster recovery cleanup can provide nasty surprises. Planning and documentation are key.Continue Reading

• Risk management compliance holdouts get wake-up call

  Get your enterprise risk management, or ERM, act together. That's the advice experts are giving enterprise business and technical leaders.Continue Reading

• Legal Expert: MDM can advance compliance goals

  Master data management (MDM) may not seem like a compliance play, yet cost savings from compliance may be MDM's strongest business case. Here's how to ensure you reap those benefits.Continue Reading

• A closer look at computer forensics and e-discovery processes

  This podcast defines both computer forensics and e-discovery processes and provides examples of how some CIOs are increasing awareness of these disciplines in the enterprise.Continue Reading

• SaaS: Navigating the compliance minefield

  The underlying legal issues for SaaS contracts can be ticking time bombs if you don't pay attention to the details.Continue Reading

• Compliance and offshoring best practices: Expert podcast

  Outsourcing to an offshore company doesn't mean you can forget about compliance regulations. Forrester's Khalid Kark offers tips on how to offshore and still be in compliance.Continue Reading

• Midmarket regulatory compliance management: Don't let your guard down

  All compliance regulations are not created equal. Security expert Joel Dubin has advice on how to midmarket companies keep regulation requirements in order.Continue Reading

• Financial regulatory compliance best practices, tips

  Financial compliance regulations are constantly changing. Here are some CIO best practices and tips for effective compliance strategies.Continue Reading

• Compliance regulations: Understanding the dirty dozen

  This report shows the 12 compliance regulations that apply most to your organization, depending on industry, such as SOX, the Patriot Act, HIPAA, Basel II and others.Continue Reading

• Data destruction made simple and cheap

  You know that old laptop you just chucked in the trash? Well, if you didn't scrub it clean of data, it could be a security breach waiting to happen. Learn how to destroy data on unwanted machines.Continue Reading

• E-discovery more than just litigation insurance

  The benefits of e-discovery go far beyond preparing a company for potential litigation. It can improve internal functions and save money, too.Continue Reading

• Event log manager saves bank both time and money

  With regulatory and security concerns bearing down, one bank decided the time had come to upgrade its event log management capabilities. In addition to improved compliance and efficiency, the bank also managed to save a few pennies.Continue Reading