Risk and compliance strategies and best practices

Enterprise risk and compliance processes are a vital component of successful businesses in the digital age as companies struggle with constantly evolving data threats and regulatory mandates. Read news and tips to assist with risk and compliance strategies, including advice to streamline data governance efforts to help keep business information compliant and secure.

Top Stories

Feature 03 Mar 2023
12 top enterprise risk management trends in 2023

The 2023 trends that are reshaping the risk management landscape include GRC platforms, maturity frameworks, risk appetite statements and the CIO's critical role in promoting ERM. Continue Reading
Tip 23 Jan 2023
4 tips to find cyber insurance coverage in 2023

The cyber insurance industry is settling down but isn't without challenges. Read up on cyber insurance in 2023 and how to get the most from your organization's coverage this year. Continue Reading

Tip 25 Oct 2022

5 advantages and 6 disadvantages of open source software

Open source software is popular with both small and large organizations, and for good reason. But CIOs should understand which situations works best for this lower cost option. Continue Reading
Tip 01 Nov 2021

Where cloud cryptography fits in a security strategy

IT teams face a never-ending challenge as they try to secure data. When that data lives in the cloud, encryption is a key concern. Implement these data encryption tips and tools. Continue Reading
Tip 20 Oct 2021

14 potential costs of shadow IT

The use of unsanctioned software can cost enterprise -- a lot -- and not always in obvious ways. Here's a look at shadow IT costs CIOs should understand. Continue Reading
Tip 12 Oct 2021

What are the pros and cons of shadow IT?

As employees continue working remotely, the prevalence of shadow IT grows. This inevitability is forcing IT leaders to weigh the pros and cons of unsanctioned technology use. Continue Reading
Feature 12 Oct 2021

Top enterprise risk management certifications to consider

Certifications are essential to any career. Here are some enterprise risk management certifications for IT professionals. Continue Reading
Feature 12 Oct 2021

9 common risk management failures and how to avoid them

As enterprises rework their business models to meet the challenges ushered in by the pandemic, risks abound. Here are nine risk management failures to look out for. Continue Reading
Feature 12 Oct 2021

Traditional vs. enterprise risk management: How do they differ?

Traditional risk management and enterprise risk management are similar in their aim to mitigate risks that can harm a company. But there are important differences between the two. Continue Reading
Feature 12 Oct 2021

7 risk mitigation strategies to protect business operations

Enterprises facing a multitude of threats and vulnerabilities have several options to identify, manage and mitigate risks, including risk acceptance, avoidance and transference. Continue Reading
Feature 12 Oct 2021

4 basic types of business risks in the enterprise

As part of enterprise risk management, companies can mitigate many types of business risks by focusing on the underlying factors of people, processes, technologies and facilities. Continue Reading
Feature 12 Oct 2021

Implementing an enterprise risk management framework

A well-designed, all-inclusive ERM framework provides enterprises with a playbook to avert corporate disasters, generate competitive advantages and create business opportunities. Continue Reading
Feature 12 Oct 2021

ISO 31000 vs. COSO: Comparing risk management standards

ISO 31000 and the COSO ERM framework are the two most popular risk management standards. Here's what they include and some of their similarities and differences. Continue Reading
Feature 12 Oct 2021

Top 12 risk management skills and why you need them

Risk management is necessary at all levels of a business. Here are some skills needed to be a successful risk manager. Continue Reading
Feature 12 Oct 2021

Risk management process: What are the 5 steps?

While many organizations understand they must manage risk, implementing a risk management process is not always straightforward. Follow these five steps to ensure success. Continue Reading
Feature 12 Oct 2021

Risk appetite vs. risk tolerance: How are they different?

Risk appetite and risk tolerance are important risk terms that are related but not the same. Here's the difference, plus examples of risk appetite and risk tolerance statements. Continue Reading
Feature 12 Oct 2021

Enterprise risk management team: Roles and responsibilities

Every facet of an enterprise's operations is exposed to risk, requiring an all-encompassing risk management team composed of a diverse mix of corporate executives and managers. Continue Reading
Tip 07 Oct 2021

6 dangers of shadow IT and how to avoid them

When employees use unapproved devices and software, they create information security vulnerabilities. Here's a look at some of those risks and how IT can prevent them. Continue Reading
Tip 20 Sep 2021

Should companies pay after ransomware attacks? Is it illegal?

It's not a question of whether a company will fall prey to ransomware, but when. Executives should focus on deciding to pay or not pay the ransom and on any legal fallout. Continue Reading
Tip 30 Jun 2021

How to rank enterprise network security vulnerabilities

Risk management programs yield massive data on network security vulnerabilities. Infosec pros must rank risks to prioritize remediation efforts. Continue Reading
Tip 29 Jun 2021

Mitigate threats with a remote workforce risk assessment

Risk assessments are more necessary than ever as organizations face the challenge of protecting remote and hybrid workers alongside in-office employees. Continue Reading
Tip 24 May 2021

An adequacy audit checklist to assess project performance

Adequacy audits are conducted to assess the efficacy of IT system controls and identify areas for performance or other improvements. Use this audit checklist to get started. Continue Reading
News 12 May 2021

Funding is key to strengthening national cybersecurity

In the wake of the Colonial Pipeline ransomware attack, national cybersecurity experts make the case for additional funding during a Senate hearing. Continue Reading
Feature 15 Apr 2021

Managing cybersecurity during the pandemic and in the new digital age

Roota Almeida, CISO at Delta Dental of New Jersey and Delta Dental of Connecticut, talks about the cybersecurity threats she's seen over the last year and how she's effectively managing her security team. Continue Reading
Tip 09 Dec 2020

Key SOC metrics and KPIs: How to define and use them

Enterprises struggle to get the most out of their security operation centers. Using the proper SOC metrics and KPIs can help. Learn how to define and benefit from them here. Continue Reading
Opinion 18 Sep 2020

Trump's dangerous US TikTok ban

President Trump's U.S. TikTok ban over national security is resting on a vague foundation. The concern can be applied to multiple industries and products. Continue Reading
Feature 18 Sep 2020

MSP roles and responsibilities are undergoing rapid change -- here's why

It's a new era for managed service providers and CIOs. MSPs increasingly act as strategic partners, helping IT teams fulfill the outsized role technology plays in business success. Continue Reading
Tip 02 Sep 2020

How to ensure cybersecurity and business continuity plans align

We're diving into how and why organizations should have a collection of emergency-focused plans in place that can interact with each other if a cybersecurity attack occurs. Continue Reading
Tip 24 Aug 2020

The 7 elements of an enterprise cybersecurity culture

An effective 'human firewall' can prevent or mitigate many of the threats enterprises face today. Adopt these seven elements of a culture of cybersecurity to defend against risks. Continue Reading
Feature 19 Aug 2020

How to maintain cybersecurity remotely during the pandemic

In the second 2020 MIT Sloan CIO Digital Learning Series, a panel of IT security leaders discussed how they are keeping their organizations secure in a COVID-19 environment. Continue Reading
Guest Post 06 Aug 2020

The contradiction of post COVID-19 risk management

Security vs. usability is always a constant struggle for security teams. The rapid change to remote access during the pandemic has forced companies to revisit their risk management approach. Continue Reading
Feature 21 Jul 2020

Where ISO certification fits in a risk mitigation strategy

Thomas Johnson explores why ISO certification helps organizations as part of their risk mitigation strategy in business continuity planning as companies adjust to the new normal. Continue Reading
Tip 21 Jul 2020

Why IT leaders need to be aware of deepfake security risks

While IT security leaders are not yet the target of deepfake attacks, with the increased use of AI, it's important they consider how it can be of harm to the enterprise. Continue Reading
Podcast 20 Jul 2020

ICIP IoT training: Get started with IoT risk management

Organizations must assess and prioritize risk management in their IoT investment to ensure their data and information assets are protected without overspending. Continue Reading
Tip 19 Jun 2020

Tackle ICS IoT security challenges with 6 processes

With more cyberattacks targeting industrial systems with IIoT, vendors, developers and manufacturers must incorporate ICS security processes before, during and after development. Continue Reading
Feature 02 Jun 2020

Involve your security team in the decision-making process

It's time for businesses to include security teams in project planning -- even when it's not cybersecurity related -- because their experience provides diverse insights that might otherwise be missed. Continue Reading
Feature 12 May 2020

How to handle the risk of insider threats post-COVID-19

During these challenging times, organizations can't overlook the risk of insider threats as employees worry about layoffs, newly adopted remote working technology and more. Continue Reading
Feature 04 May 2020

Former White House CIO talks cybersecurity risk mitigation

Cybersecurity expert Theresa Payton provides critical insight on current cybersecurity threats CIOs should be looking out for and how to prepare for them during and after the pandemic. Continue Reading
Tip 19 Mar 2020

Plan and implement a GRC framework with this checklist

Whether planning or updating your governance, risk and compliance program, use this guide to help simplify the initiative and successfully implement a GRC framework. Continue Reading
Answer 10 Mar 2020

Risk management vs. risk assessment vs. risk analysis

Understanding risk is the first step to making informed budget and security decisions. Explore the differences between risk management vs. risk assessment vs. risk analysis. Continue Reading
Feature 28 Feb 2020

Cyberinsurance coverage reflects a changing threat landscape

A constant deluge of data breach disclosures has prompted an increase in cybersecurity insurance coverage adoption. Learn how a policy can enhance an enterprise risk management program. Continue Reading
Tip 24 Jan 2020

How IoT, 5G, RPA and AI are opening doors to cybersecurity threats

In the second part of a series on CIOs preparing for cyberthreats in 2020, we look at how emerging technologies like IoT and the cloud became vulnerable to cyberattacks in the last year. Continue Reading
Tip 14 Jan 2020

Preparing for the new forms of cybersecurity threats in 2020

In the first part of a series on the new forms of cyberthreats in 2020, we're diving into the many infiltration points being targeted today and why CIOs should be prepared. Continue Reading
Feature 17 Dec 2019

Data breach risk factors, response model, reporting and more

Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner. Continue Reading
Feature 16 Dec 2019

The ins and outs of cyber insurance coverage

Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing. Continue Reading
Feature 14 Nov 2019

Don't let edge computing security concerns derail your plans

Security concerns give many IT organizations pause when considering edge computing. But the potential problems can be overcome with proper planning and diligence. Continue Reading
Feature 06 Nov 2019

Navigate PII data protection and GDPR to meet privacy mandates

Know the commonalities surrounding personally identifiable information to better navigate and comply with the regulations and penalties IT managers must contend with today. Continue Reading
Tip 03 Oct 2019

Challenges vs. benefits of edge computing security

Organizations moving more compute to the edges of their networks must adjust how they protect and govern their data and devices. But what should you expect along the way? Continue Reading
Feature 16 Jul 2019

SEC's iXBRL requirements met with optimism -- and trepidation

Compliance with the SEC's new Inline XBRL requirements will change financial reporting processes. The benefits are there, but not everyone is optimistic about the change. Continue Reading
Feature 26 Jun 2019

Build a proactive cybersecurity approach that delivers

Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive. Continue Reading
News 21 May 2019

Surveillance technology under fire, amid growing societal concerns

As San Francisco halts city use of facial recognition technology, CIOs could see more regulatory actions against surveillance technology -- and more limits on their use of data. Continue Reading
News 17 May 2019

Trump's move to ban Huawei a wake-up call for IT execs

The Trump administration's move to effectively ban Huawei products from U.S. networks has big implications for IT execs in charge of supply chain sourcing and security. Continue Reading
Tip 06 May 2019

6 potential blockchain limitations for enterprise use

The potential benefits of blockchain for enterprise use must be weighed against blockchain's limitations. Here are six. Continue Reading
Feature 15 Mar 2019

The urgent need for enterprise AI governance -- and where to start

By 2022, 65% of CIOs will be tasked with modernizing governance policies to reflect the risks and opportunities posed by AI technologies. Here's why it can't be a one-person job. Continue Reading
News 25 Feb 2019

UNICEF investment in 6 blockchain startups extends mission

UNICEF's investment in blockchain startups extends its mission and also underscores the particularity of scenarios where blockchain promises to be the optimal solution. Continue Reading
News 18 Feb 2019

Accenture predicts post-digital age where trust is the differentiator

The latest Accenture Technology Vision report calls out 'DARQ' technologies as the new must-have for CIOs and underscores the importance of building digital trust. Continue Reading
Feature 25 Jan 2019

Barclays Bank takes a crack at IBM's quantum computer

Quantum computing may one day explain the universe. Today, the biggest challenge for an early adopter is making the problem sufficiently simple to run on a quantum computer. Continue Reading
Feature 23 Jan 2019

CIOs share their 2019 tech resolutions

We asked five CIOs to share their tech resolutions for the new year. Ambition is sky high. Projects include RPA, AI that can handle sensitive data, scaling the business and more. Continue Reading
News 21 Jan 2019

5 IT trends shaping 2019 CIO strategies

Tech executives sound off on the IT trends they see shaping CIO strategies in 2019. AI and cloud loom large, but the test for CIOs is not just technical. Continue Reading
News 03 Jan 2019

Top drivers of digital transformation projects have inward focus

Our IT Priorities Survey shows that close to 70% of companies are pursuing digital transformation. Learn what metrics they're targeting and how they're spending 2019 IT budgets. Continue Reading
Feature 20 Dec 2018

Security, compliance standards help mitigate BIOS security vulnerabilities

Cybersecurity vulnerabilities associated with PCs often overlook BIOS. Read for strategies to offset these threats and for preventing unauthorized BIOS modifications. Continue Reading
Feature 19 Dec 2018

2018 articles spotlight innovation's cybersecurity and compliance risk

The top 2018 cybersecurity and compliance articles make a few things clear: digitization increases risk and requires innovative strategies to protect against evolving data threats. Continue Reading
Blog Post 30 Nov 2018

Include dark web security strategies to strengthen security framework

As dark web security threats rise, enterprises should begin incorporating strategies to understand and implement dark web cyber-security measures. Continue Reading
Feature 30 Nov 2018

The future of data security threats and protection in the enterprise

The future of data security faces new threats at an ever-increasing rate. Read one expert's advice on having a data security strategy to assess and manage enterprise data security. Continue Reading
Tip 26 Nov 2018

4 cloud-based e-discovery strategies to target containerized data

A cloud migration requires evaluating any existing information governance programs. E-discovery in the cloud and for container-based data platforms requires a detailed strategy. Continue Reading
Tip 26 Nov 2018

E-discovery in the cloud introduces security, compliance issues

E-discovery is still reliable for organizing and preserving data for legal compliance, but e-discovery in the cloud and container-based storage complicate governance processes. Continue Reading
News 21 Nov 2018

Risk assessments essential to secure third-party vendor management

Panelists at Infosec North America advised those charged with third-party vendor management to perform due diligence and assess the innate risk vendors create for business processes. Continue Reading
Feature 16 Nov 2018

What are the top IoT security challenges in corporate settings?

Extended product lifecycles, consumer apathy and lacking federal regulation lead the top IoT security challenges in corporate settings. Continue Reading
News 31 Oct 2018

HBS panel discusses regulating social media platforms

At Harvard Business School's recent Tech Conference 24, three panelists discussed the potential need for regulating social media platforms by an independent, quasi-governmental system. Continue Reading
News 24 Oct 2018

Cybersecurity culture: Arrow in CIOs' quiver to fight cyberthreats

Who should own your cybersecurity culture? How can we protect rampant IoT devices? MIT Sloan researchers clued CIOs into their latest research at Tuesday's SIM Boston Summit. Continue Reading
Tip 24 Oct 2018

Guide to identifying and preventing OSI model security risks: Layers 4 to 7

Each layer of the Open Systems Interconnection presents unique vulnerabilities that could move to other layers if not properly monitored. Here's how to establish risk mitigation strategies for OSI layer security in Layers 4 through 7. Continue Reading
Tip 24 Oct 2018

How security, compliance standards prevent OSI layer vulnerabilities

Each layer of the Open Systems Interconnection presents unique -- but connected -- vulnerabilities. Here's how to establish OSI security and compliance best practices. Continue Reading
News 22 Oct 2018

ISSA International Conference 2018: Implement DoD-level security

The ISSA International 2018 Conference offers solutions for complicated privacy risks, and consultant Jeffrey Man counsels execs to take the DoD's approach to security maintenance. Continue Reading
Feature 02 Oct 2018

CISOs face third-party risk management challenges

Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties. Continue Reading
Feature 01 Oct 2018

The benefits of IAM processes, strategies for digitized companies

After regulatory compliance and audit requirements forced Raymond James Financial to re-examine its IAM processes, the company is now reaping the business benefits of IAM. Continue Reading
Answer 21 Sep 2018

How can a compliance strategy improve customer trust?

Privacy compliance strategy can help build consumer trust and improve security if companies stop looking at the regulations as an obstacle and more as a business opportunity. Continue Reading
News 13 Sep 2018

Federal privacy regulations usher in the age of tech lawmakers

Big tech and privacy advocates are lobbying for dramatically different federal data privacy rights. CIOs should pay attention to whom -- and what -- the legislation seeks to regulate. Continue Reading
Tip 12 Sep 2018

4 GDPR strategy tips to bring IT processes up to speed

The GDPR deadline has long passed, but U.S. companies remain behind on compliance. Experts provide GDPR compliance tips to make sure IT is on the right side of the privacy rules. Continue Reading
Tip 31 Aug 2018

Overcoming multi-cloud's risks, regulatory compliance challenges

Companies adopting multi-cloud data management models face numerous regulatory compliance challenges, but IT governance strategies are helping them protect disparate information. Continue Reading
Feature 31 Aug 2018

Survey: IT leaders invest to improve cybersecurity, compliance

As companies outgrow dated data protection and compliance management systems, IT leaders are making an investment in cybersecurity to avoid risk and stare down regulatory mandates. Continue Reading
Feature 24 Aug 2018

Mandates create new GDPR roles, processes for compliant companies

As companies tweak IT processes to maintain General Data Protection Regulation compliance, the regulation raises questions about new, privacy-centric GDPR roles and responsibilities. Continue Reading
Feature 24 Aug 2018

Legal 'gray areas' holding back GDPR compliance program maturity

The regulation has been in place for months, but many companies are still behind with their GDPR compliance programs. Will it take a major violation to get companies to pay attention? Continue Reading
Feature 17 Aug 2018

5 strategies to address the GDPR data management conundrum

As IT executives continue to wrap their heads around GDPR, strategies are emerging to ease its data management compliance burden. Here are five that are already proving effective. Continue Reading
Opinion 13 Aug 2018

Google's 'My Activity' data: Avoiding privacy and compliance risk

Google's Activity Controls create privacy and compliance risks for organizations, as well as a potential gold mine for social engineering hacks. Here's how to avoid those threats. Continue Reading
Blog Post 31 Jul 2018

Cybersecurity trend watch: The power of data

It's no secret that data equals power in the digital marketplace, making strategies to protect that data a valuable business asset. The fast pace of IT advancement also makes the cybersecurity ... Continue Reading
Blog Post 31 Jul 2018

Cybersecurity trend watch: Data protection's business influence

As business leaders continue to realize the bottom line value of data protection, the cybersecurity market is already ripe for disruption. At the Gartner Security & Risk Management Summit in ... Continue Reading
News 27 Jul 2018

Cybersecurity and physical security: Key for 'smart' venues

With sustainability being a huge driver of modern business development, protecting consumers' cyber- and physical security is an essential element when designing smart cities and venues. Continue Reading
Feature 24 Jul 2018

McAfee CISO: The importance of a strong cybersecurity culture

For McAfee CISO Grant Bourzikas, building a strong cyberdefense culture is essential because employees are the first line of defense to avoid rapidly evolving cybersecurity risks. Continue Reading
Feature 24 Jul 2018

McAfee CISO: Leadership buy-in essential to boost cybersecurity

As online risks continue to evolve, making sure company leadership buys in to efforts to improve cybersecurity posture has become essential, says McAfee CISO Grant Bourzikas. Continue Reading
Feature 26 Jun 2018

Identify gaps in cybersecurity processes to reduce organizational risk

Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses. Continue Reading
News 22 Jun 2018

Herjavec: Cybersecurity investment now a priority for CEOs, boards

How did Robert Herjavec, CEO of a global IT security firm and star of ABC's 'Shark Tank,' know cybersecurity was gaining traction? He started getting meetings with the C-suite. Continue Reading
Feature 14 Jun 2018

Six barriers to digital transformation; CIO strategies to conquer them

CIOs are under pressure to help companies find their digital mojo, but challenges abound. Learn about the top six barriers to digital transformation -- and how to vanquish them. Continue Reading
Tip 31 May 2018

GDPR and AI: Data collection documentation essential to compliance

It's important to remember that artificial intelligence data and AI algorithms must hold up against GDPR regulations. Here's where GDPR and AI intersect and what CIOs can do to remain compliant. Continue Reading
Feature 30 May 2018

Blockchain as a service expected to entice CIOs to test waters

AWS' Blockchain Templates offering, along with a host of other big vendor blockchain products, will spur a 'tsunami of tests.' Blockchain adoption by business is another matter. Continue Reading
News 16 May 2018

Build a culture of innovation on PaaS platforms

Tech execs from Deutsche Bank and Experian at the Red Hat Summit in San Francisco shared their thoughts on reaping the benefits of PaaS platforms by addressing the risks head-on. Continue Reading
Feature 08 May 2018

CIO uses master data management to speed digitalization

IMA Financial Group CIO Michelle Vercellino's effort to clean up, protect and govern the firm's data is an important step in the firm's quest for 'data intelligence.' Continue Reading
News 16 Mar 2018

Ex-Equifax CIO's insider trading indictment a red flag for IT execs

A former Equifax CIO has been indicted for insider trading following the company's 2017 data breach. Will it force IT execs to reexamine the importance of proper breach response? Continue Reading
News 06 Mar 2018

IBM's cloud strategy homes in on developers

To boost its profile in IaaS, IBM's cloud strategy has shifted focus from CIOs to developers. Whether the multipronged appeal to developers will pan out remains an open question. Continue Reading
Blog Post 28 Feb 2018

Survey: Attorneys still lack proficiency in e-discovery technology

E-discovery technology has become an integral -- and essential -- element of the modern legal process, but a new report suggests attorneys are still struggling to embrace the technology. A survey ... Continue Reading
Feature 28 Feb 2018

New tech creates new attack vectors, cybersecurity vulnerabilities

CISO John Germain explains how tech like AI and IoT are revolutionizing business -- and creating new cybersecurity vulnerabilities as data protection is left on the back burner. Continue Reading
Answer 28 Feb 2018

Is end user training essential to data loss prevention program success?

Regulations like the GDPR promise to enforce stricter data protection rules. While a data loss prevention program can help, it requires end-user training to ease adoption. Continue Reading
Feature 27 Feb 2018

Tech, growing data sets complicate enterprise cybersecurity strategy

Emerging tech has grown companies' data sets and made IT environments increasingly complex. As IT capabilities evolve, enterprise cybersecurity strategy is struggling to keep up. Continue Reading