Risk and compliance strategies and best practices
Enterprise risk and compliance processes are a vital component of successful businesses in the digital age as companies struggle with constantly evolving data threats and regulatory mandates. Read news and tips to assist with risk and compliance strategies, including advice to streamline data governance efforts to help keep business information compliant and secure.
Top Stories

Feature, 17 Jun 2025
ERM implementation: How to deploy a framework and program
Enterprise risk management helps organizations proactively manage risks. Here's a look at ERM frameworks that can be used and key steps for implementing a program.

Tip, 08 Apr 2025
Ransomware payments: Considerations before paying
To pay or not to pay -- that's the question after a ransomware attack. Law enforcement recommends against it, but that doesn't stop some companies from paying up.
By Kyle Johnson, Technology Editor

Definition, 09 May 2025
What is the Sarbanes-Oxley Act? Definition and summary
The Sarbanes-Oxley Act of 2002 (SOX) is a federal law that established sweeping auditing and financial regulations for public companies.
By Katie Terrell Hanna and Ben Lutkevich, Site Editor

Definition, 28 Apr 2025
What is a risk map (risk heat map)?
A risk map, or risk heat map, is a data visualization tool for communicating specific risks an organization faces.

Definition, 24 Apr 2025
What is risk exposure in business?
Risk exposure is the quantified potential loss from currently underway or planned business activities.
By Dave Shackleford, Voodoo Security, and Ben Cole, Executive Editor

Definition, 08 Apr 2025
What is a key risk indicator (KRI) and why is it important?
A key risk indicator (KRI) is a metric for measuring the likelihood that the combined probability of an event and its consequences will exceed the organization's risk appetite.
By Paul Kirvan and Linda Tucci, Industry Editor -- CIO/IT Strategy

Tip, 13 Mar 2024
17 potential costs of shadow IT
Companies should be vigilant and consider the significant costs associated with shadow IT. Learn about these overlooked issues and how they affect the organization.

Tip, 05 Mar 2024
What are the pros and cons of shadow IT?
The increase of generative AI, digital natives and remote work drives the rise of shadow IT. CIOs and IT leaders should evaluate the pros and cons to mitigate potential risks.

Tip, 29 Jan 2024
How to rank and prioritize security vulnerabilities in 3 steps
Vulnerability management programs gather massive amounts of data on security weaknesses. Security teams should learn how to rank vulnerabilities to quickly fix the biggest issues.
By Mike Chapple, University of Notre Dame

Feature, 16 Aug 2023
Top 12 risk management skills and why you need them
Effective risk management is necessary in all parts of a business. Here are a dozen skills that risk managers need to be successful in their jobs.

Tip, 25 Oct 2022
5 advantages and 6 disadvantages of open source software
Open source software is popular with both small and large organizations, and for good reason. But CIOs should understand which situations work best for this lower-cost option.

Definition, 17 May 2022
chief procurement officer (CPO)
The chief procurement officer, or CPO, leads an organization's procurement department and oversees the acquisitions of goods and services made by the organization.
By Kinza Yasar, Technical Writer, and Mary K. Pratt

Tip, 01 Nov 2021
Where cloud cryptography fits in a security strategy
IT teams face a never-ending challenge as they try to secure data. When that data lives in the cloud, encryption is a key concern. Implement these data encryption tips and tools.

Tip, 29 Jun 2021
Mitigate threats with a remote workforce risk assessment
Risk assessments are more necessary than ever as organizations face the challenge of protecting remote and hybrid workers alongside in-office employees.

Tip, 24 May 2021
An adequacy audit checklist to assess project performance
Adequacy audits are conducted to assess the efficacy of IT system controls and identify areas for performance or other improvements. Use this audit checklist to get started.

News, 12 May 2021
Funding is key to strengthening national cybersecurity
In the wake of the Colonial Pipeline ransomware attack, national cybersecurity experts make the case for additional funding during a Senate hearing.
By Makenzie Holland, Senior News Writer

Feature, 15 Apr 2021
Managing cybersecurity during the pandemic and in the new digital age
Roota Almeida, CISO at Delta Dental of New Jersey and Delta Dental of Connecticut, talks about the cybersecurity threats she's seen over the last year and how she's effectively managing her security team.

Tip, 09 Dec 2020
Key SOC metrics and KPIs: How to define and use them
Enterprises struggle to get the most out of their security operations centers. Using the proper SOC metrics and KPIs can help. Learn how to define and benefit from them here.
By Andrew Froehlich, West Gate Networks, and Nick Lewis

Guest Post, 06 Aug 2020
The contradiction of post COVID-19 risk management
Security vs. usability is a constant struggle for security teams. The rapid change to remote access during the pandemic has forced companies to revisit their risk management approach.
By Jonathan Couch

Answer, 10 Mar 2020
Risk management vs. risk assessment vs. risk analysis
Understanding risk is the first step to making informed budget and security decisions. Explore the differences between risk management, risk assessment and risk analysis.
By Katie Donegan, Social Media Manager

Feature, 28 Feb 2020
Cyberinsurance coverage reflects a changing threat landscape
A constant deluge of data breach disclosures has prompted an increase in cybersecurity insurance coverage adoption. Learn how a policy can enhance an enterprise risk management program.
By Katie Donegan, Social Media Manager

Feature, 17 Dec 2019
Data breach risk factors, response model, reporting and more
Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner.
By Sharon Shea, Executive Editor

Feature, 16 Dec 2019
The ins and outs of cyber insurance coverage
Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing.
By Sharon Shea, Executive Editor, and Pearson Education

Feature, 06 Nov 2019
Navigate PII data protection and GDPR to meet privacy mandates
Know the commonalities surrounding personally identifiable information to better navigate and comply with the regulations and penalties IT managers must contend with today.
By Marc Staimer, Dragon Slayer Consulting

Feature, 16 Jul 2019
SEC's iXBRL requirements met with optimism -- and trepidation
Compliance with the SEC's new Inline XBRL requirements will change financial reporting processes. The benefits are there, but not everyone is optimistic about the change.

Feature, 26 Jun 2019
Build a proactive cybersecurity approach that delivers
Whether it's zero trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive.
By Stan Gibson, Stan Gibson Communications

Feature, 20 Dec 2018
Security, compliance standards help mitigate BIOS security vulnerabilities
Assessments of PC cybersecurity vulnerabilities often overlook the BIOS. Read on for strategies to offset these threats and to prevent unauthorized BIOS modifications.
By Daniel Allen, N2 Cyber Security Consultants

News, 21 Nov 2018
Risk assessments essential to secure third-party vendor management
Panelists at Infosec North America advised those charged with third-party vendor management to perform due diligence and assess the innate risk vendors create for business processes.

Tip, 24 Oct 2018
Guide to identifying and preventing OSI model security risks: Layers 4 to 7
Each layer of the Open Systems Interconnection model presents unique vulnerabilities that could spread to other layers if not properly monitored. Here's how to establish risk mitigation strategies for OSI layer security in Layers 4 through 7.
By Daniel Allen, N2 Cyber Security Consultants

Tip, 24 Oct 2018
How security, compliance standards prevent OSI layer vulnerabilities
Each layer of the Open Systems Interconnection model presents unique -- but connected -- vulnerabilities. Here's how to establish OSI security and compliance best practices.
By Daniel Allen, N2 Cyber Security Consultants

Feature, 02 Oct 2018
CISOs face third-party risk management challenges
Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties.
By Steve Zurier, ZFeatures

Answer, 21 Sep 2018
How can a compliance strategy improve customer trust?
A privacy compliance strategy can help build consumer trust and improve security if companies stop looking at the regulations as an obstacle and start seeing them as a business opportunity.

Opinion, 13 Aug 2018
Google's 'My Activity' data: Avoiding privacy and compliance risk
Google's Activity Controls create privacy and compliance risks for organizations, as well as a potential gold mine for social engineering attacks. Here's how to avoid those threats.
By Daniel Allen, N2 Cyber Security Consultants

News, 27 Jul 2018
Cybersecurity and physical security: Key for 'smart' venues
With sustainability being a huge driver of modern business development, protecting consumers' cyber and physical security is an essential element when designing smart cities and venues.
By Ben Cole, Executive Editor

Feature, 26 Jun 2018
Identify gaps in cybersecurity processes to reduce organizational risk
Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses.

Tip, 11 May 2016
Risk assessment analysis and BIA data in BC plans
Examine how BIA and RA data are used to formulate business continuity strategies. It's common to bypass these steps, but the data can result in more precise and focused BC plans.

Answer, 06 Oct 2015
How can enterprises manage the cybersecurity skills gap?
Due to the demand for professionals with backgrounds in both computer science and networking, filling cybersecurity jobs is difficult. Technology will have to play a bigger role.
By Julian Weinberger, NCP engineering

Tip, 27 Jan 2015
A CISO's introduction to enterprise data governance strategy
Every enterprise must have a viable strategy for protecting high-value data. See if your plan aligns with Francoise Gilbert's advice on top priorities to consider when defining data governance plans.
By Francoise Gilbert, Greenberg Traurig

News, 30 May 2014
CIOs trumpet top-down, proactive digital enterprise security
In today's digital world, where consumers are increasingly connected and data is the new currency, enterprises must take a proactive security stance.
Source: SearchCompliance.com

Definition, 01 Feb 2013
business continuity management (BCM)
Business continuity management (BCM) is a framework for identifying an organization's risk of exposure to internal and external threats.

Definition, 07 Mar 2011
control framework
A control framework is a data structure that organizes and categorizes an organization's internal controls, which are practices and procedures established to create business value and minimize risk.

News, 06 Aug 2010
New class of compliance professionals will drive new certifications
Legislation such as the Sarbanes-Oxley Act is creating a new class of compliance professionals, but coming up with new certifications for them may not be so easy.
Source: IT Compliance Advisor

News, 01 Jul 2010
A funny thing happened on the way to Sarbanes-Oxley Act compliance
The U.S. Supreme Court's narrow ruling this week on the Sarbanes-Oxley Act underscored how CIOs have capitalized on becoming SOX compliant.
Source: TotalCIO Blog

News, 16 Apr 2010
Don't be a horror story! Why social media policies matter to the CIO
Social media policies are crucial in the age of Facebook and Twitter, where security and compliance risks abound. How can the CIO avoid social media notoriety?
Source: TotalCIO Blog

News, 19 Mar 2010
Success with cloud applications calls for a strong data-privacy policy
Cloud applications are making headway in the public sector, as agency CIOs consider the ramifications on data-privacy policy and compliance concerns.
Source: SearchCIO.com

Tip, 22 Jan 2010
Lack of incident response plan leaves hole in compliance strategy
Without an incident response plan, businesses tend to be reactive rather than proactive when data breaches occur. Here are some steps to follow.
By Kevin Beaver, Principle Logic, LLC

Tip, 09 Sep 2009
Does using ISO 27000 to comply with PCI DSS make for better security?
PCI DSS is under fire for not providing enough security in the process of securing credit card data. Using ISO 27000 to complement PCI may provide better compliance and security.
By Mathieu Gorge, VigiTrust

All-in-One Guide, 29 Oct 2007
Regulatory compliance for the enterprise
The Regulatory Compliance for the Enterprise All-in-One Guide offers resources from various TechTarget sites for all levels of IT employees and from multiple angles.

News, 03 Jul 2007
House votes to give small companies more time on Sarbanes-Oxley
The U.S. House of Representatives moved toward giving small companies an additional year to adhere to the Sarbanes-Oxley Act's accounting rules, which are being revised by the Securities and Exchange Commission.
Source: Bloomberg L.P.

News, 12 Jun 2007
Retailers face deadline for security standard
Credit card firms are giving merchants until June 30 to comply with the Payment Card Industry Data Security Standard, which is designed to protect users from online theft. Teranet discusses what it had to do.
Source: ITBusiness.ca

News, 09 Jan 2007
Securities fraud suits down, accounting complaints up
The number of class actions filed alleging securities fraud plummeted in 2006, due in part to tougher enforcement, according to a study released by Stanford Law School.
Source: SmartPros Ltd.

News, 10 Nov 2006
Data governance rises to top of compliance efforts
Analysts in the field of regulatory compliance say enterprises should increasingly build their IT auditing processes around database governance efforts.
Source: eWEEK

News, 29 Sep 2006
Greenspan says to dump Sarbanes-Oxley
The Sarbanes-Oxley Act is doing more harm than good and must be overhauled, Alan Greenspan told a technology audience in Boston.
Source: eWEEK

News, 28 Feb 2006
Compliance costs too high, says SIA report
According to a study released Monday by the Securities Industry Association (SIA), the cost of compliance has nearly doubled in the past three years. The good news: SIA says you don't have to be spending so much.
Source: Reuters

News, 03 May 2005
Opinion: SOX is stinking up 2005
It's official: The Sarbanes-Oxley costs -- in time and money -- are rising higher than anyone expected, and there may be a backlash before the calendar year is out.
Source: CNET News.com

News, 14 Mar 2005
Preparing for a SOX audit
If your number comes up for a Sarbanes-Oxley audit, don't panic. A compliance expert offers five tips to help IT administrators meet the challenge.
Source: SearchWinIT.com

News, 14 Mar 2005
How to (really) address HIPAA
The deadline for HIPAA messaging security compliance is right around the corner. Find out what you need to do to meet the new federal secure messaging requirements.
Source: SearchExchange.com