
Top 12 2012: Readers' favorite GRC management articles of the year

In our 'top 12 of 2012,' read our most-viewed articles from the past year, and discover GRC management advice and best practices.

The past year was a busy one for the compliance industry, as the proliferation of social media, cloud use and new regulations further complicated governance, risk and compliance management. We helped guide IT leaders through these complex issues by providing expert advice on a variety of governance, risk and compliance (GRC) management topics, including maintaining compliance with specific regulations, risk management strategies and data governance best practices -- to name just a few.

Here, we present the "top 12 of 2012," which lists the GRC management articles most viewed by our visitors in the past year. You'll find useful advice on a variety of GRC management topics to help guide your organization's compliance processes in 2013 and beyond.

Struggling with GRC management funding? Try these free tools

Governance, risk and compliance tends to get short shrift when it comes to securing investment dollars for software and process improvements. Here's how compliance professionals can use free and open source tools to automate some aspects of GRC.

Free compliance plan templates for risk assessment

Compliance officers often encounter misunderstandings about what exactly is required for a company to remain compliant. To help, we scoured the Web for free templates and downloads that provide guidelines for building a targeted corporate compliance plan.

Updated European Commission framework strives for data protection, privacy

In January the European Commission announced its proposal to reform the European Union's data protection framework. The commission said the existing framework is outdated because of technological advancements, and contends the new rules are vital to individual data protection.

The vulnerability assessment vs. penetration test challenge

"Vulnerability assessment" and "penetration test" are terms often used interchangeably in IT, when in fact they are very different exercises from a regulatory standpoint. Here's how to understand the difference and decide which is better for your organization.

ISACA updates COBIT 5 governance framework

ISACA released an update to the COBIT 5 governance framework this year that it says promotes continuity between an enterprise's IT department and overall business goals. The original version of COBIT has been downloaded more than 100,000 times, and ISACA reps said IT professionals in both managerial and assurance roles can take advantage of the enhanced and better-integrated content.

Q&A: The must-haves of any business continuity and disaster recovery plan

Business continuity and disaster recovery plans not only are the first line of defense in the aftermath of a disruptive event, but also can provide a competitive advantage. In this Q&A, independent consultant and auditor Paul Kirvan discusses the traits of an organization-wide business continuity and disaster recovery plan.

Tying social media policy to records management

There are numerous business benefits from social media, but determining how social networking data fits into company risk management is difficult. A corporate social media policy is necessary -- one that clearly stipulates that when social media is used to conduct business transactions, the data is subject to the organization's overall records management policy.

Podcast: Overcoming the obstacles to PCI DSS compliance

Despite the Payment Card Industry Data Security Standard being almost a decade old, companies still struggle with PCI DSS compliance. In this podcast, learn about PCI DSS compliance best practices as information security consultant Kevin Beaver discusses the benefits of documentation, tells which departments should provide PCI security input, and gives tips on minimizing business impact if a breach occurs.

The keys to maintaining regulatory compliance

There's been an increased focus on business performance and value in GRC in recent years. But if done correctly, meeting regulatory compliance standards can ultimately improve business performance.

JOBS Act takes aim at SOX requirements

Legislators this year passed the controversial Jumpstart Our Business Startups (JOBS) Act that would roll back significant fundraising and financial regulations established by the Sarbanes-Oxley and Dodd-Frank acts. Proponents say the JOBS Act will boost small businesses, but critics contend that rolling back financial regulations sends the wrong message.

Implementing a records management strategy: The final touches

When crafting a records management strategy, the actual implementation of the data governance solution is sometimes the most complex part of the process. Here's how to make sure your records management strategy doesn't fall apart in the final stages.

SEC risk alert outlines investor social media guidelines, compliance

Shortly after the agency charged an investment adviser with offering fictitious securities through social media sites, the Securities and Exchange Commission released a risk alert reviewing the potential risks of social media use. The alert also offers suggestions for complying with the antifraud, compliance and recordkeeping provisions of federal securities laws.

Let us know what you think about the story; email Ben Cole, associate editor. For IT compliance news and updates throughout the week, follow us on Twitter @ITCompliance.

What is your top GRC management priority in 2013?
Ensure base compliance rules are documented and in place as required.