Problem solve

Managing governance and compliance

• 4 GDPR strategy tips to bring IT processes up to speed

  The GDPR deadline has long passed, but U.S. companies remain behind on compliance. Experts provide GDPR compliance tips to make sure IT is on the right side of the privacy rules. Continue Reading

• GDPR and AI: Data collection documentation essential to compliance

  It's important to remember that artificial intelligence data and AI algorithms must hold up against GDPR regulations. Here's where GDPR and AI intersect and what CIOs can do to remain compliant. Continue Reading

• At Google, company culture key is to assuring consumer privacy

  The lack of comprehensive federal privacy legislation leaves not only consumers vulnerable, but also companies frustrated. Many consumers lack information about the many ways their personal data is ... Continue Reading

• Cybersecurity and privacy compliance: The delicate balance

  As information has transformed into a huge business asset for modern companies, it has come at a price: Data is now a target for hackers seeking sensitive information about enterprises and their customers. This new online data security focus has ... Continue Reading

• Cloud risk management: Governance strategies to protect digital assets

  As the digital age continues to strain information governance budgets, many companies have turned to the cloud to reduce data storage costs: Market analyst firm IDC predicts spending on public cloud services will exceed $127 billion in 2018, ... Continue Reading

• Mobile data security creates big governance challenges

  As devices are used for increasingly complex processes, data becomes more vulnerable to loss. To keep pace, IT and security executives are developing comprehensive mobile data security plans and implementing stronger technology solutions.Continue Reading

• Keep devices regulation ready with compliant mobile data management

  In this tip, learn how to prepare and implement a mobile data management policy that protects your organization against compliance violations.Continue Reading

• Governance and analytics reduce big data risk, boost information value

  In this Q&A, ARMA 2014 Conference presenter Barclay T. Blair discusses how information governance strategies can help with big data risk management.Continue Reading

• Preparation underway for Dodd-Frank conflict mineral disclosures

  Dodd-Frank conflict mineral provisions create new disclosure rules for public companies. In this tip, learn how to prepare for the regulations.Continue Reading

• Three strategies to align organizational compliance and security goals

  Compliance and security departments sometimes have an adversarial relationship, but organizations can benefit from aligning their strategic goals.Continue Reading

• Balance financial, risk aspects during electronic equipment disposal

  IT asset management expert Barb Rembiesa discusses the data security risk -- and potential business benefits -- of electronic equipment disposal.Continue Reading

• The ABCs of meeting quarterly PCI scanning requirements

  For some organizations, quarterly PCI DSS scanning requirements create confusion. Here are tips on the PCI scanning process to help stay compliant.Continue Reading

• Get a free IT or corporate compliance plan template for assessing risk

  To adhere to regulatory guidelines, companies must develop strong compliance programs. These free IT and corporate compliance plan template examples can help.Continue Reading

• Audit management: Five strategies to streamline the PCI audit process

  Tired of the same Payment Card Industry (PCI) assessment headaches every year? Here are five process strategies to streamline the PCI audit process.Continue Reading

• Five tips to balance risk management and compliance

  Being protected from risk does not automatically mean you are compliant. Learn how you can properly balance risk management and compliance with tips from some of our top articles.Continue Reading

• Five compliance strategy tips to help diminish your risks

  Having a tough time developing the right compliance strategy? Check out our must-reads to help you find ways to develop best practices, diminish risk and reduce costs.Continue Reading

• Avoid duplicated efforts to cut the cost of regulatory compliance

  The cost of regulatory compliance does not have to break the bank -- getting rid of duplicated efforts in compliance strategy is a good place to start.Continue Reading

• How GRC, sustainability and CSR relate to one another

  How your organization determines the relationships among GRC, sustainability and CSR depends on the context of each item -- and is dependent on management's goals.Continue Reading

• How NIST SP 800-39 will refine enterprise-wide risk management

  New NIST SP 800-39 guidelines refine governance models to help incorporate enterprise-wide risk management and assist organizations in making better risk-based decisions.Continue Reading

• Why voluntary compliance with compliance regulations is a good thing

  Some firms are opting for voluntary compliance with unnecessary regulations. Here are the benefits to following compliance regulations that don’t legally apply to your business.Continue Reading

• Are you in compliance with the ISO 31000 risk management standard?

  The ISO 31000 risk management standard is becoming an important development tool for shaping existing and new programs. Learn if your programs are in compliance with the standard.Continue Reading

• Using metrics to enhance information risk management

  Risk management metrics can dramatically improve your information risk management and compliance initiatives. But regulatory compliance officers have to take the initiative.Continue Reading

• Learning to manage risk-based internal controls must be a priority

  With internal controls based on some level of risk, organizations should make management of internal risk-based controls a critical business activity.Continue Reading

• Applying the ISO 27005 risk management standard

  The ISO 27005 risk management methodology standard has weaknesses when it comes to risk measurement. "Fuzzy math" theory can help fill the gaps.Continue Reading

• Lack of incident response plan leaves hole in compliance strategy

  Without an incident response plan, businesses can tend to be reactive rather than proactive when data breaches occur. Here are some steps to follow.Continue Reading

• Unified Compliance Framework unties overlapping compliance standards

  Compliance professionals and vendors are turning to the Unified Compliance Framework as a common language for overlapping compliance standards.Continue Reading

• A business continuity management standard would offer consistency

  BCM standards by themselves may not be necessary, but compliance with a standard is -- and a globally recognized BCM standard for consistent measurement would be a good thing.Continue Reading

• Business Model for Information Security: Security right the first time

  The Business Model for Information Security, a new framework introduced by ISACA, employs 'systems thinking' models that promise to get security right the first time.Continue Reading

• Threat management for information systems relies on categorization

  Every information system faces threats, but not all threats should be treated equally. ISO 27005 offers a guide on how to categorize threats to your organization.Continue Reading

• What's the Massachusetts data protection law and what does it require?

  Massachusetts' data protection law, 201 CMR 17.00, focuses on prevention rather than notification. Here are the technologies and policies you'll need for compliance.Continue Reading

• Why it may not be ideal for your lawyer to be your compliance officer

  While lawyers bring a certain expertise to the table, business leaders need a broader range of technical, security and communications skills in their compliance officers.Continue Reading

• Maintaining compliance in a world of constant change

  Robert Childs examines four steps information security practitioners can take to ensure that their compliance efforts are maintained and kept up-to-date.Continue Reading