Tips

Tips

Managing compliance operations

• Prep a compliance audit checklist that auditors want to see

  Think your enterprise is ready for its compliance audit? Check off key points in this compliance audit preparation checklist to ensure it has all the resources needed to help auditors do their job.  Continue Reading

• IoT compliance standards and how to comply

  To address IoT security concerns, it is critical for IT leaders to adhere to IoT compliance standards. Learn more about IoT compliance and its IT-relevant standards.  Continue Reading

• 5 steps to determine residual risk during the assessment process

  Even the best security controls have data management gaps that create risk. Here are steps to identify and offset residual risk during an assessment.  Continue Reading

• Ensure IAM compliance by wielding key controls and resources

  IAM compliance is a top priority for CIOs. Read up on IAM standards and regulations, and learn how to implement IAM controls to best stay compliant.  Continue Reading

• Plan and implement a GRC framework with this checklist

  Whether planning or updating your governance, risk and compliance program, use this guide to help simplify the initiative and successfully implement a GRC framework.  Continue Reading

• Balance fraud compliance and prevention with these tips

  IT leaders must be vigilant against cyberfraud. Use this list of fraud compliance statutes and prevention tips to protect IT resources, customers and your company's reputation.  Continue Reading

• Privacy controls to meet CCPA compliance requirements

  Existing risk management programs are a solid foundation for CCPA compliance requirements. Learn the privacy controls needed to remain CCPA-compliant and improve IT security.  Continue Reading

• Biometric data privacy, ethical questions complicate modern IAM

  Use of biometrics in IAM systems may help secure company systems and data, but it also raises privacy issues. Here's how to keep both your security and ethical standards high.  Continue Reading

• How PCI DSS compliance milestones can be a GDPR measuring stick

  Constantly evolving regulations can cause confusion for security officers, but sometimes, there is process overlap. Here's how achieving compliance with PCI DSS can help meet GDPR mandates.  Continue Reading

• Approach customer engagement by first asking good questions

  Organizations need to align their customer strategy with their technology and know how to gather and use the right customer data when integrating all the components.  Continue Reading

• Protect customer data with these 5 essential steps

  Engagement with customers inevitably yields a trove of sensitive data. Learn the key steps you should take to stay compliant and secure in an era of virtual business.  Continue Reading

• 7 free GRC tools every compliance professional should know about

  All organizations need to meet a variety of regulatory compliance requirements, but they don't all have the budget for GRC software. Learn about the free, open source options.  Continue Reading

• What holistic network security tools offer an organization

  Tools that provide a holistic approach to monitoring the IT infrastructure come in a variety of configurations and delivery models. Learn what's available.  Continue Reading

• 4 steps to remain compliant with SOX data retention policies

  Data retention policy is inherent to Sarbanes-Oxley Act compliance. In this tip, learn SOX data retention best practices to remain regulatory compliant.  Continue Reading

• To improve incident response capability, start with the right CSIRT

  Is your organization ready to build a computer security incident response team? Here are the questions that should be answered when building a CSIRT to maximize incident response capability.  Continue Reading

• Guide to identifying and preventing OSI model security risks: Layers 4 to 7

  Each layer of the Open Systems Interconnection presents unique vulnerabilities that could move to other layers if not properly monitored. Here's how to establish risk mitigation strategies for OSI layer security in Layers 4 through 7.  Continue Reading

• How security, compliance standards prevent OSI layer vulnerabilities

  Each layer of the Open Systems Interconnection presents unique -- but connected -- vulnerabilities. Here's how to establish OSI security and compliance best practices.  Continue Reading

• 4 GDPR strategy tips to bring IT processes up to speed

  The GDPR deadline has long passed, but U.S. companies remain behind on compliance. Experts provide GDPR compliance tips to make sure IT is on the right side of the privacy rules.  Continue Reading

• GDPR and AI: Data collection documentation essential to compliance

  It's important to remember that artificial intelligence data and AI algorithms must hold up against GDPR regulations. Here's where GDPR and AI intersect and what CIOs can do to remain compliant.  Continue Reading

• RM principles should guide compliance management system development

  Regulatory agencies offer broad guidance for compliance management system development, but companies may be best served by referring to widely accepted risk management principles.  Continue Reading

• Graph databases could prove invaluable to fraud investigation process

  The fraud investigation process remains complicated for companies, but graph databases' information management techniques can help collect and manage valuable evidentiary data.  Continue Reading

• Virtual containers help refocus modern endpoint security strategy

  As companies struggle to protect constantly expanding attack surfaces, virtual containers could quickly become essential to companies' endpoint security strategy.  Continue Reading

• DFARS compliance targets 'controlled unclassified information'

  Contractors have until the end of 2017 to meet DFARS compliance rules that put cybersecurity safeguards on what the U.S. government calls 'controlled unclassified information.'  Continue Reading

• Compliance records provide fuel for big data analytics

  Well-designed compliance records management can generate new business revenue for businesses by feeding big data analytics engines valuable data.  Continue Reading

• Ransomware mitigation strategies include paying up

  Ransomware mitigation strategies should be a top business priority as the malware becomes increasingly common. But sometimes, paying up might be the only option.  Continue Reading

• Aligning IT and compliance procedures increasingly a business priority

  Companies' regulatory management and tech teams often still operate independently, but businesses are starting to recognize the benefits of IT and compliance procedure alignment.  Continue Reading

• Digital governance, compliance complicated by data lake accumulation

  Corporate data lakes have become common as businesses capitalize on their analytic benefits, but their prevalence should make companies rethink digital governance and compliance.  Continue Reading

• Regulating big data: Monitoring systems to create new wealth

  Regulating big data to maintain compliance has become a big part of information governance, but can GRC processes also help generate new revenue?  Continue Reading

• The new electronic data management rules to avoid digital disruption

  To maintain information value in the digital age, companies should be integrating electronic data management rules into all business processes.  Continue Reading

• New data classifications vital to information governance and security

  Businesses have invested heavily in information governance and security, and embracing three new data classifications could prove beneficial in 2016.  Continue Reading

• The steps to effective cybersecurity incident response

  Planning and foresight are essential to any cybersecurity incident response plan. Follow these steps to make sure you're ready for a data breach.  Continue Reading

• Information governance 2015: The year of digital evidence as truth

  Businesses saw major shifts to their information governance 2015 processes as legal and compliance rules more heavily relied on digital evidence as truth.  Continue Reading

• Training, legal input key to information security and privacy balance

  Businesses often struggle with balancing security and privacy, but building PII management mandates into data protection efforts is a good place to start.  Continue Reading

• Data protection requirements start with firm grasp of GRC needs

  Corporate data protection requirements are complex, but determining a company's unique GRC needs is an essential first step to information security.  Continue Reading

• Cybersecurity risk management benefits from analytics, reporting

  Data breaches continue to threaten businesses, but companies are turning to data analytics to help identify vulnerabilities and make cybersecurity risk management more efficient.  Continue Reading

• Corporate customers play big role in cloud data loss prevention

  Cloud providers have made big information security strides, but their corporate customers still have to play their part in cloud data loss prevention.  Continue Reading

• Are cloud-based data warehousing and business analytics worth the risk?

  Cloud services have become a popular cost-saving option for businesses, but they must be careful to protect against constantly evolving data risk.  Continue Reading

• For reliable digital evidence, information governance strategy required

  Computers are increasingly called as witnesses in court cases, forcing companies to ensure information governance processes are able to produce reliable digital evidence.  Continue Reading

• Five steps to establishing a big data governance policy

  Modern companies generate and store an unprecedented amount of big data, but an information governance policy can help businesses stay compliant and reap the benefits of their digital assets.  Continue Reading

• Use data governance policy to facilitate compliance initiatives

  Regulations continue to strain corporate resources, but incorporating data governance policy rules into GRC initiatives can help businesses improve information quality and remain compliant.  Continue Reading

• IT security best practices: Classification essential for big data

  As threats and regulations evolve, smart information governance strategies have become essential to data security and compliance in the digital age.  Continue Reading

• Mobility gets boost from automated compliance management systems

  In this tip, learn how automated compliance management can overcome enterprise mobility complications and save valuable company resources.  Continue Reading

• Compliance reporting processes blamed for TREAD Act failures

  Honda has revamped its regulatory compliance reporting processes after information technology failures led to record fines for TREAD Act violations.  Continue Reading

• Data currency: Five steps to get max value from digital assets

  In this tip, learn digital information management strategies to take advantage of the growing data as currency movement.  Continue Reading

• Regulation SCI creates new compliance focus for IT records and systems

  Regulation SCI requires that covered entities follow specific IT procedures, and could preview new levels of digital system compliance for the private sector.  Continue Reading

• MDM policy helps protect information, mitigate security risk

  Enterprise mobility expert Bryan Barringer discusses the evolution of mobile device management and the data security benefits of MDM policy development.  Continue Reading

• For IT security and compliance jobs, experience a must

  The high demand for IT security and compliance is forcing companies to decide how previous job experience can offset the GRC skills shortage.  Continue Reading

• Critical infrastructure compliance benefits from situational awareness

  For critical infrastructure, a combination of situational awareness and compliance could be the best approach to industrial control system security.  Continue Reading

• Contemporary digital information assets require new look at governance

  To protect and manage constantly evolving digital information assets, modern companies must reexamine data governance and classification.  Continue Reading

• Staff shortage impacted by security and compliance skills demand

  The data threat landscape has forced companies to rethink hiring processes before a staff shortage negatively impacts security and compliance.  Continue Reading

• Regulation SCI broadens scope for IT systems compliance

  The SEC's Regulation SCI targets the securities' market IT systems, but could serve as a model for other sectors struggling with high-tech compliance.  Continue Reading

• Planning, follow-up required to ensure mobile compliance and security

  In this tip, learn why best practices such as continuous monitoring and third-party vetting are vital to long-term mobile compliance and security.  Continue Reading

• Keep devices regulation ready with compliant mobile data management

  In this tip, learn how to prepare and implement a mobile data management policy that protects your organization against compliance violations.  Continue Reading

• Health data privacy regulations impacting a wide range of industries

  Navigating health data privacy compliance requirements is proving complicated for HIPAA business associates and other non-healthcare industries.  Continue Reading

• As data threats and mandates persist, governance vital to manage risk

  Security threats and compliance rules complicate businesses' information protection efforts, but smart governance processes can help manage risk.  Continue Reading

• The 10 questions to ask during a mobile risk assessment

  To both embrace the benefits of BYOD and shore up the security gaps created by it, ask these 10 questions when conducting a mobile risk assessment.  Continue Reading

• FAQ: Were executives held accountable after the Target data breach?

  Target Corp. has made major executive changes in the months following its massive 2013 data breach as the company strives to reassure customers and rework digital information security processes.  Continue Reading

• Three steps to keep IT policies and procedures regulatory compliant

  Corporate compliance and risk management expert Jeffrey Jenkins shares how he ensures IT policies and procedures remain in sync with current compliance regulations.  Continue Reading

• Six steps to build an effective enterprise risk management program

  Follow these six steps to develop an enterprise risk management program that maps risks and establishes countermeasures.  Continue Reading

• Preparation underway for Dodd-Frank conflict mineral disclosures

  Dodd-Frank conflict mineral provisions create new disclosure rules for public companies. In this tip, learn how to prepare for the regulations.  Continue Reading

• Three strategies to align organizational compliance and security goals

  Compliance and security departments sometimes have an adversarial relationship, but organizations can benefit from aligning their strategic goals.  Continue Reading

• Balance financial, risk aspects during electronic equipment disposal

  IT asset management expert Barb Rembiesa discusses the data security risk -- and potential business benefits -- of electronic equipment disposal.  Continue Reading

• The ABCs of meeting quarterly PCI scanning requirements

  For some organizations, quarterly PCI DSS scanning requirements create confusion. Here are tips on the PCI scanning process to help stay compliant.  Continue Reading

• Get a free IT or corporate compliance plan template for assessing risk

  To adhere to regulatory guidelines, companies must develop strong compliance programs. These free IT and corporate compliance plan template examples can help.  Continue Reading

• Audit management: Five strategies to streamline the PCI audit process

  Tired of the same Payment Card Industry (PCI) assessment headaches every year? Here are five process strategies to streamline the PCI audit process.  Continue Reading

• A decision maker's guide to organizational records management strategy

  Records management strategy is the cornerstone of meeting IT compliance guidelines and regulations. Learn what resources and characteristics you need to stay up to speed.  Continue Reading

• Five tips to help guide green compliance at your organization

  As more industries push for environmentally friendly processes, green compliance is a major concern. Here are tips to help incorporate the right green IT practices at your organization.  Continue Reading

• Start at the end: Keys to an audit-driven corporate compliance program

  Creating an audit kit is usually the last part of corporate compliance program development. Our expert says your organization may be better served by flipping the process.  Continue Reading

• Five tips to balance risk management and compliance

  Being protected from risk does not automatically mean you are compliant. Learn how you can properly balance risk management and compliance with tips from some of our top articles.  Continue Reading

• Five compliance strategy tips to help diminish your risks

  Having a tough time developing the right compliance strategy? Check out our must-reads to help you find ways to develop best practices, diminish risk and reduce costs.  Continue Reading

• Avoid duplicated efforts to cut the cost of regulatory compliance

  The cost of regulatory compliance does not have to break the bank -- getting rid of duplicated efforts in compliance strategy is a good place to start.  Continue Reading

• How GRC, sustainability and CSR relate to one another

  How your organization determines the relationships among GRC, sustainability and CSR depends on the context of each item -- and is dependent on management's goals.  Continue Reading

• How NIST SP 800-39 will refine enterprise-wide risk management

  New NIST SP 800-39 guidelines refine governance models to help incorporate enterprise-wide risk management and assist organizations in making better risk-based decisions.  Continue Reading

• Why voluntary compliance with compliance regulations is a good thing

  Some firms are opting for voluntary compliance with unnecessary regulations. Here are the benefits to following compliance regulations that don’t legally apply to your business.  Continue Reading

• Are you in compliance with the ISO 31000 risk management standard?

  The ISO 31000 risk management standard is becoming an important development tool for shaping existing and new programs. Learn if your programs are in compliance with the standard.  Continue Reading

• Using metrics to enhance information risk management

  Risk management metrics can dramatically improve your information risk management and compliance initiatives. But regulatory compliance officers have to take the initiative.  Continue Reading

• Learning to manage risk-based internal controls must be a priority

  With internal controls based on some level of risk, organizations should make management of internal risk-based controls a critical business activity.  Continue Reading

• How to increase stakeholder value through corporate compliance

  Stakeholders know the importance of corporate compliance to a company's success. Properly gauging stakeholders' expectations can help ensure compliance efforts will satisfy them.  Continue Reading

• Seven considerations when evaluating automated GRC tools

  Automated tools can help ease the compliance burden, but financial services firms must first weigh their needs. In this tip, David Strom looks at the top considerations when looking into buying a GRC tool.  Continue Reading

• Log management and compliance: What's the real story?

  As more companies deploy security information and event management tools, as well as log management solutions, it's time to take a look at the regulations that apply to logging.  Continue Reading

• Due diligence on a disaster recovery plan enables business continuity

  Creating an effective disaster recovery plan is essential to business continuity, regardless of ambiguity around IT controls for data protection.  Continue Reading

• Contingent controls complement business continuity, DR

  An important aspect of managing risk is to build in contingent controls alongside your disaster recovery and business continuity implementation.  Continue Reading

• Applying the ISO 27005 risk management standard

  The ISO 27005 risk management methodology standard has weaknesses when it comes to risk measurement. "Fuzzy math" theory can help fill the gaps.  Continue Reading

• Best practices and requirements for GLBA compliance

  GLBA requirements to protect personal information have become more relevant than ever. In this tip, Paul Rohmeyer examines best practices for GLBA compliance.  Continue Reading

• Lack of incident response plan leaves hole in compliance strategy

  Without an incident response plan, businesses can tend to be reactive rather than proactive when data breaches occur. Here are some steps to follow.  Continue Reading

• Unified Compliance Framework unties overlapping compliance standards

  Compliance professionals and vendors are turning to the Unified Compliance Framework as a common language for overlapping compliance standards.  Continue Reading

• A business continuity management standard would offer consistency

  BCM standards by themselves may not be necessary, but compliance with a standard is -- and a globally recognized BCM standard for consistent measurement would be a good thing.  Continue Reading

• Business Model for Information Security: Security right the first time

  The Business Model for Information Security, a new framework introduced by ISACA, employs 'systems thinking' models that promise to get security right the first time.  Continue Reading

• FTC compliance mandates new rules for social media marketing

  Revised rules on social media marketing mean that FTC compliance will require effective new corporate policies for online marketers and employees.  Continue Reading

• Threat management for information systems relies on categorization

  Every information system faces threats, but not all threats should be treated equally. ISO 27005 offers a guide on how to categorize threats to your organization.  Continue Reading

• Does using ISO 27000 to comply with PCI DSS make for better security?

  PCI DSS is under fire for not providing enough security in the process of securing credit card data. Using ISO 27000 to complement PCI may provide better compliance and security.  Continue Reading

• Are mandatory business continuity management standards good business?

  Compliance with business continuity management standards demonstrates that a company is committed to protecting its business -- but the U.S. falls short of making BCM mandatory.  Continue Reading

• PCI DSS compliance requires new vendor management strategy

  Requirement 12.8 requires a better vendor management strategy for PCI DSS compliance.  Continue Reading

• What's the Massachusetts data protection law and what does it require?

  Massachusetts' data protection law, 201 CMR 17.00, focuses on prevention rather than notification. Here are the technologies and policies you'll need for compliance.  Continue Reading

• Comparing how-to guides for business continuity standards

  What needs to be done to comply with business continuity standards? First, perform a risk assessment, then define your business continuity strategy.  Continue Reading

• How to mitigate operational, compliance risk of outsourcing services

  Companies must have an approach to evaluating partner risk, the level of risk of both the service and the provider, and the adequacy of the security practices of the provider.  Continue Reading

• Applying risk assessment to your disaster recovery plan

  Before implementing a disaster recovery plan, perform a comprehensive risk assessment of all the potential vulnerabilities your business faces.  Continue Reading

• How AML compliance applies to remote deposit capture

  Financial institutions rushing to deploy remote deposit capture (RDC) need to consider how the Bank Secrecy Act and anti-money laundering regulations apply to the technology. In this tip, Dan Fisher explains what measures institutions need to take ...  Continue Reading

• Why it may not be ideal for your lawyer to be your compliance officer

  While lawyers bring a certain expertise to the table, business leaders need a broader range of technical, security and communications skills in their compliance officers.  Continue Reading

• What controls can compensate when segregation of duties isn't economically feasible?

  Having a strong log management capability is a good way to start when security segregation isn't possible. Mike Rothman explains.  Continue Reading