Risk and compliance strategies and best practices
Enterprise risk and compliance processes are a vital component of successful businesses in the digital age as companies struggle with constantly evolving data threats and regulatory mandates. Read news and tips to assist with risk and compliance strategies, including advice to streamline data governance efforts to help keep business information compliant and secure.
Top Stories
-
Feature
03 Mar 2023
12 top enterprise risk management trends in 2023
The 2023 trends that are reshaping the risk management landscape include GRC platforms, maturity frameworks, risk appetite statements and the CIO's critical role in promoting ERM. Continue Reading
-
Tip
23 Jan 2023
4 tips to find cyber insurance coverage in 2023
The cyber insurance industry is settling down but isn't without challenges. Read up on cyber insurance in 2023 and how to get the most from your organization's coverage this year. Continue Reading
-
Tip
25 Oct 2022
5 advantages and 6 disadvantages of open source software
Open source software is popular with both small and large organizations, and for good reason. But CIOs should understand which situations work best for this lower-cost option. Continue Reading
-
Tip
01 Nov 2021
Where cloud cryptography fits in a security strategy
IT teams face a never-ending challenge as they try to secure data. When that data lives in the cloud, encryption is a key concern. Implement these data encryption tips and tools. Continue Reading
-
Tip
20 Oct 2021
14 potential costs of shadow IT
The use of unsanctioned software can cost enterprises -- a lot -- and not always in obvious ways. Here's a look at shadow IT costs CIOs should understand. Continue Reading
-
Tip
12 Oct 2021
What are the pros and cons of shadow IT?
As employees continue working remotely, the prevalence of shadow IT grows. This inevitability is forcing IT leaders to weigh the pros and cons of unsanctioned technology use. Continue Reading
-
Feature
12 Oct 2021
Top enterprise risk management certifications to consider
Certifications are essential to any career. Here are some enterprise risk management certifications for IT professionals. Continue Reading
-
Feature
12 Oct 2021
9 common risk management failures and how to avoid them
As enterprises rework their business models to meet the challenges ushered in by the pandemic, risks abound. Here are nine risk management failures to look out for. Continue Reading
-
Feature
12 Oct 2021
Traditional vs. enterprise risk management: How do they differ?
Traditional risk management and enterprise risk management are similar in their aim to mitigate risks that can harm a company. But there are important differences between the two. Continue Reading
-
Feature
12 Oct 2021
7 risk mitigation strategies to protect business operations
Enterprises facing a multitude of threats and vulnerabilities have several options to identify, manage and mitigate risks, including risk acceptance, avoidance and transference. Continue Reading
-
Feature
12 Oct 2021
4 basic types of business risks in the enterprise
As part of enterprise risk management, companies can mitigate many types of business risks by focusing on the underlying factors of people, processes, technologies and facilities. Continue Reading
-
Feature
12 Oct 2021
Implementing an enterprise risk management framework
A well-designed, all-inclusive ERM framework provides enterprises with a playbook to avert corporate disasters, generate competitive advantages and create business opportunities. Continue Reading
-
Feature
12 Oct 2021
ISO 31000 vs. COSO: Comparing risk management standards
ISO 31000 and the COSO ERM framework are the two most popular risk management standards. Here's what they include and some of their similarities and differences. Continue Reading
-
Feature
12 Oct 2021
Top 12 risk management skills and why you need them
Risk management is necessary at all levels of a business. Here are some skills needed to be a successful risk manager. Continue Reading
-
Feature
12 Oct 2021
Risk management process: What are the 5 steps?
While many organizations understand they must manage risk, implementing a risk management process is not always straightforward. Follow these five steps to ensure success. Continue Reading
-
Feature
12 Oct 2021
Risk appetite vs. risk tolerance: How are they different?
Risk appetite and risk tolerance are important risk terms that are related but not the same. Here's the difference, plus examples of risk appetite and risk tolerance statements. Continue Reading
-
Feature
12 Oct 2021
Enterprise risk management team: Roles and responsibilities
Every facet of an enterprise's operations is exposed to risk, requiring an all-encompassing risk management team composed of a diverse mix of corporate executives and managers. Continue Reading
-
Tip
07 Oct 2021
6 dangers of shadow IT and how to avoid them
When employees use unapproved devices and software, they create information security vulnerabilities. Here's a look at some of those risks and how IT can prevent them. Continue Reading
-
Tip
20 Sep 2021
Should companies pay after ransomware attacks? Is it illegal?
It's not a question of whether a company will fall prey to ransomware, but when. Executives should focus on deciding to pay or not pay the ransom and on any legal fallout. Continue Reading
-
Tip
30 Jun 2021
How to rank enterprise network security vulnerabilities
Risk management programs yield massive data on network security vulnerabilities. Infosec pros must rank risks to prioritize remediation efforts. Continue Reading
-
Tip
29 Jun 2021
Mitigate threats with a remote workforce risk assessment
Risk assessments are more necessary than ever as organizations face the challenge of protecting remote and hybrid workers alongside in-office employees. Continue Reading
-
Tip
24 May 2021
An adequacy audit checklist to assess project performance
Adequacy audits are conducted to assess the efficacy of IT system controls and identify areas for performance or other improvements. Use this audit checklist to get started. Continue Reading
-
News
12 May 2021
Funding is key to strengthening national cybersecurity
In the wake of the Colonial Pipeline ransomware attack, national cybersecurity experts make the case for additional funding during a Senate hearing. Continue Reading
-
Feature
15 Apr 2021
Managing cybersecurity during the pandemic and in the new digital age
Roota Almeida, CISO at Delta Dental of New Jersey and Delta Dental of Connecticut, talks about the cybersecurity threats she's seen over the last year and how she's effectively managing her security team. Continue Reading
-
Tip
09 Dec 2020
Key SOC metrics and KPIs: How to define and use them
Enterprises struggle to get the most out of their security operation centers. Using the proper SOC metrics and KPIs can help. Learn how to define and benefit from them here. Continue Reading
-
Opinion
18 Sep 2020
Trump's dangerous US TikTok ban
President Trump's U.S. TikTok ban over national security is resting on a vague foundation. The concern can be applied to multiple industries and products. Continue Reading
-
Feature
18 Sep 2020
MSP roles and responsibilities are undergoing rapid change -- here's why
It's a new era for managed service providers and CIOs. MSPs increasingly act as strategic partners, helping IT teams fulfill the outsized role technology plays in business success. Continue Reading
-
Tip
02 Sep 2020
How to ensure cybersecurity and business continuity plans align
We're diving into how and why organizations should have a collection of emergency-focused plans in place that can interact with each other if a cybersecurity attack occurs. Continue Reading
-
Tip
24 Aug 2020
The 7 elements of an enterprise cybersecurity culture
An effective 'human firewall' can prevent or mitigate many of the threats enterprises face today. Adopt these seven elements of a culture of cybersecurity to defend against risks. Continue Reading
-
Feature
19 Aug 2020
How to maintain cybersecurity remotely during the pandemic
In the second 2020 MIT Sloan CIO Digital Learning Series, a panel of IT security leaders discussed how they are keeping their organizations secure in a COVID-19 environment. Continue Reading
-
Guest Post
06 Aug 2020
The contradiction of post COVID-19 risk management
Security vs. usability is always a constant struggle for security teams. The rapid change to remote access during the pandemic has forced companies to revisit their risk management approach. Continue Reading
-
Feature
21 Jul 2020
Where ISO certification fits in a risk mitigation strategy
Thomas Johnson explores why ISO certification helps organizations as part of their risk mitigation strategy in business continuity planning as companies adjust to the new normal. Continue Reading
-
Tip
21 Jul 2020
Why IT leaders need to be aware of deepfake security risks
While IT security leaders are not yet the target of deepfake attacks, with the increased use of AI, it's important they consider how it can be of harm to the enterprise. Continue Reading
-
Podcast
20 Jul 2020
ICIP IoT training: Get started with IoT risk management
Organizations must assess and prioritize risk management in their IoT investment to ensure their data and information assets are protected without overspending. Continue Reading
-
Tip
19 Jun 2020
Tackle ICS IoT security challenges with 6 processes
With more cyberattacks targeting industrial systems with IIoT, vendors, developers and manufacturers must incorporate ICS security processes before, during and after development. Continue Reading
-
Feature
02 Jun 2020
Involve your security team in the decision-making process
It's time for businesses to include security teams in project planning -- even when it's not cybersecurity related -- because their experience provides diverse insights that might otherwise be missed. Continue Reading
-
Feature
12 May 2020
How to handle the risk of insider threats post-COVID-19
During these challenging times, organizations can't overlook the risk of insider threats as employees worry about layoffs, newly adopted remote working technology and more. Continue Reading
-
Feature
04 May 2020
Former White House CIO talks cybersecurity risk mitigation
Cybersecurity expert Theresa Payton provides critical insight on current cybersecurity threats CIOs should be looking out for and how to prepare for them during and after the pandemic. Continue Reading
-
Tip
19 Mar 2020
Plan and implement a GRC framework with this checklist
Whether planning or updating your governance, risk and compliance program, use this guide to help simplify the initiative and successfully implement a GRC framework. Continue Reading
-
Answer
10 Mar 2020
Risk management vs. risk assessment vs. risk analysis
Understanding risk is the first step to making informed budget and security decisions. Explore the differences between risk management vs. risk assessment vs. risk analysis. Continue Reading
-
Feature
28 Feb 2020
Cyberinsurance coverage reflects a changing threat landscape
A constant deluge of data breach disclosures has prompted an increase in cybersecurity insurance coverage adoption. Learn how a policy can enhance an enterprise risk management program. Continue Reading
-
Tip
24 Jan 2020
How IoT, 5G, RPA and AI are opening doors to cybersecurity threats
In the second part of a series on CIOs preparing for cyberthreats in 2020, we look at how emerging technologies like IoT and the cloud became vulnerable to cyberattacks in the last year. Continue Reading
-
Tip
14 Jan 2020
Preparing for the new forms of cybersecurity threats in 2020
In the first part of a series on the new forms of cyberthreats in 2020, we're diving into the many infiltration points being targeted today and why CIOs should be prepared. Continue Reading
-
Feature
17 Dec 2019
Data breach risk factors, response model, reporting and more
Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner. Continue Reading
-
Feature
16 Dec 2019
The ins and outs of cyber insurance coverage
Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing. Continue Reading
-
Feature
14 Nov 2019
Don't let edge computing security concerns derail your plans
Security concerns give many IT organizations pause when considering edge computing. But the potential problems can be overcome with proper planning and diligence. Continue Reading
-
Feature
06 Nov 2019
Navigate PII data protection and GDPR to meet privacy mandates
Know the commonalities surrounding personally identifiable information to better navigate and comply with the regulations and penalties IT managers must contend with today. Continue Reading
-
Tip
03 Oct 2019
Challenges vs. benefits of edge computing security
Organizations moving more compute to the edges of their networks must adjust how they protect and govern their data and devices. But what should you expect along the way? Continue Reading
-
Feature
16 Jul 2019
SEC's iXBRL requirements met with optimism -- and trepidation
Compliance with the SEC's new Inline XBRL requirements will change financial reporting processes. The benefits are there, but not everyone is optimistic about the change. Continue Reading
-
Feature
26 Jun 2019
Build a proactive cybersecurity approach that delivers
Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive. Continue Reading
-
News
21 May 2019
Surveillance technology under fire, amid growing societal concerns
As San Francisco halts city use of facial recognition technology, CIOs could see more regulatory actions against surveillance technology -- and more limits on their use of data. Continue Reading
-
News
17 May 2019
Trump's move to ban Huawei a wake-up call for IT execs
The Trump administration's move to effectively ban Huawei products from U.S. networks has big implications for IT execs in charge of supply chain sourcing and security. Continue Reading
-
Tip
06 May 2019
6 potential blockchain limitations for enterprise use
The potential benefits of blockchain for enterprise use must be weighed against blockchain's limitations. Here are six. Continue Reading
-
Feature
15 Mar 2019
The urgent need for enterprise AI governance -- and where to start
By 2022, 65% of CIOs will be tasked with modernizing governance policies to reflect the risks and opportunities posed by AI technologies. Here's why it can't be a one-person job. Continue Reading
-
News
25 Feb 2019
UNICEF investment in 6 blockchain startups extends mission
UNICEF's investment in blockchain startups extends its mission and also underscores the particularity of scenarios where blockchain promises to be the optimal solution. Continue Reading
-
News
18 Feb 2019
Accenture predicts post-digital age where trust is the differentiator
The latest Accenture Technology Vision report calls out 'DARQ' technologies as the new must-have for CIOs and underscores the importance of building digital trust. Continue Reading
-
Feature
25 Jan 2019
Barclays Bank takes a crack at IBM's quantum computer
Quantum computing may one day explain the universe. Today, the biggest challenge for an early adopter is making the problem sufficiently simple to run on a quantum computer. Continue Reading
-
Feature
23 Jan 2019
CIOs share their 2019 tech resolutions
We asked five CIOs to share their tech resolutions for the new year. Ambition is sky high. Projects include RPA, AI that can handle sensitive data, scaling the business and more. Continue Reading
-
News
21 Jan 2019
5 IT trends shaping 2019 CIO strategies
Tech executives sound off on the IT trends they see shaping CIO strategies in 2019. AI and cloud loom large, but the test for CIOs is not just technical. Continue Reading
-
News
03 Jan 2019
Top drivers of digital transformation projects have inward focus
Our IT Priorities Survey shows that close to 70% of companies are pursuing digital transformation. Learn what metrics they're targeting and how they're spending 2019 IT budgets. Continue Reading
-
Feature
20 Dec 2018
Security, compliance standards help mitigate BIOS security vulnerabilities
Cybersecurity vulnerabilities in the BIOS are often overlooked on PCs. Read on for strategies to offset these threats and prevent unauthorized BIOS modifications. Continue Reading
-
Feature
19 Dec 2018
2018 articles spotlight innovation's cybersecurity and compliance risk
The top 2018 cybersecurity and compliance articles make a few things clear: digitization increases risk and requires innovative strategies to protect against evolving data threats. Continue Reading
-
Blog Post
30 Nov 2018
Include dark web security strategies to strengthen security framework
As dark web security threats rise, enterprises should begin incorporating strategies to understand and implement dark web cyber-security measures. Continue Reading
-
Feature
30 Nov 2018
The future of data security threats and protection in the enterprise
The future of data security faces new threats at an ever-increasing rate. Read one expert's advice on having a data security strategy to assess and manage enterprise data security. Continue Reading
-
Tip
26 Nov 2018
4 cloud-based e-discovery strategies to target containerized data
A cloud migration requires evaluating any existing information governance programs. E-discovery in the cloud and for container-based data platforms requires a detailed strategy. Continue Reading
-
Tip
26 Nov 2018
E-discovery in the cloud introduces security, compliance issues
E-discovery is still reliable for organizing and preserving data for legal compliance, but e-discovery in the cloud and container-based storage complicate governance processes. Continue Reading
-
News
21 Nov 2018
Risk assessments essential to secure third-party vendor management
Panelists at Infosec North America advised those charged with third-party vendor management to perform due diligence and assess the innate risk vendors create for business processes. Continue Reading
-
Feature
16 Nov 2018
What are the top IoT security challenges in corporate settings?
Extended product lifecycles, consumer apathy and a lack of federal regulation lead the list of top IoT security challenges in corporate settings. Continue Reading
-
News
31 Oct 2018
HBS panel discusses regulating social media platforms
At Harvard Business School's recent Tech Conference 24, three panelists discussed the potential need for regulating social media platforms by an independent, quasi-governmental system. Continue Reading
-
News
24 Oct 2018
Cybersecurity culture: Arrow in CIOs' quiver to fight cyberthreats
Who should own your cybersecurity culture? How can we protect rampant IoT devices? MIT Sloan researchers clued CIOs into their latest research at Tuesday's SIM Boston Summit. Continue Reading
-
Tip
24 Oct 2018
Guide to identifying and preventing OSI model security risks: Layers 4 to 7
Each layer of the Open Systems Interconnection model presents unique vulnerabilities that could move to other layers if not properly monitored. Here's how to establish risk mitigation strategies for OSI layer security in Layers 4 through 7. Continue Reading
-
Tip
24 Oct 2018
How security, compliance standards prevent OSI layer vulnerabilities
Each layer of the Open Systems Interconnection model presents unique -- but connected -- vulnerabilities. Here's how to establish OSI security and compliance best practices. Continue Reading
-
News
22 Oct 2018
ISSA International Conference 2018: Implement DoD-level security
The ISSA International 2018 Conference offers solutions for complicated privacy risks, and consultant Jeffrey Man counsels execs to take the DoD's approach to security maintenance. Continue Reading
-
Feature
02 Oct 2018
CISOs face third-party risk management challenges
Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties. Continue Reading
-
Feature
01 Oct 2018
The benefits of IAM processes, strategies for digitized companies
After regulatory compliance and audit requirements forced Raymond James Financial to re-examine its IAM processes, the company is now reaping the business benefits of IAM. Continue Reading
-
Answer
21 Sep 2018
How can a compliance strategy improve customer trust?
Privacy compliance strategy can help build consumer trust and improve security if companies stop looking at the regulations as an obstacle and more as a business opportunity. Continue Reading
-
News
13 Sep 2018
Federal privacy regulations usher in the age of tech lawmakers
Big tech and privacy advocates are lobbying for dramatically different federal data privacy rights. CIOs should pay attention to whom -- and what -- the legislation seeks to regulate. Continue Reading
-
Tip
12 Sep 2018
4 GDPR strategy tips to bring IT processes up to speed
The GDPR deadline has long passed, but U.S. companies remain behind on compliance. Experts provide GDPR compliance tips to make sure IT is on the right side of the privacy rules. Continue Reading
-
Tip
31 Aug 2018
Overcoming multi-cloud's risks, regulatory compliance challenges
Companies adopting multi-cloud data management models face numerous regulatory compliance challenges, but IT governance strategies are helping them protect disparate information. Continue Reading
-
Feature
31 Aug 2018
Survey: IT leaders invest to improve cybersecurity, compliance
As companies outgrow dated data protection and compliance management systems, IT leaders are making an investment in cybersecurity to avoid risk and stare down regulatory mandates. Continue Reading
-
Feature
24 Aug 2018
Mandates create new GDPR roles, processes for compliant companies
As companies tweak IT processes to maintain General Data Protection Regulation compliance, the regulation raises questions about new, privacy-centric GDPR roles and responsibilities. Continue Reading
-
Feature
24 Aug 2018
Legal 'gray areas' holding back GDPR compliance program maturity
The regulation has been in place for months, but many companies are still behind with their GDPR compliance programs. Will it take a major violation to get companies to pay attention? Continue Reading
-
Feature
17 Aug 2018
5 strategies to address the GDPR data management conundrum
As IT executives continue to wrap their heads around GDPR, strategies are emerging to ease its data management compliance burden. Here are five that are already proving effective. Continue Reading
-
Opinion
13 Aug 2018
Google's 'My Activity' data: Avoiding privacy and compliance risk
Google's Activity Controls create privacy and compliance risks for organizations, as well as a potential gold mine for social engineering hacks. Here's how to avoid those threats. Continue Reading
-
Blog Post
31 Jul 2018
Cybersecurity trend watch: The power of data
It's no secret that data equals power in the digital marketplace, making strategies to protect that data a valuable business asset. The fast pace of IT advancement also makes the cybersecurity ... Continue Reading
-
Blog Post
31 Jul 2018
Cybersecurity trend watch: Data protection's business influence
As business leaders continue to realize the bottom line value of data protection, the cybersecurity market is already ripe for disruption. At the Gartner Security & Risk Management Summit in ... Continue Reading
-
News
27 Jul 2018
Cybersecurity and physical security: Key for 'smart' venues
With sustainability being a huge driver of modern business development, protecting consumers' cyber- and physical security is an essential element when designing smart cities and venues. Continue Reading
-
Feature
24 Jul 2018
McAfee CISO: The importance of a strong cybersecurity culture
For McAfee CISO Grant Bourzikas, building a strong cyberdefense culture is essential because employees are the first line of defense to avoid rapidly evolving cybersecurity risks. Continue Reading
-
Feature
24 Jul 2018
McAfee CISO: Leadership buy-in essential to boost cybersecurity
As online risks continue to evolve, making sure company leadership buys in to efforts to improve cybersecurity posture has become essential, says McAfee CISO Grant Bourzikas. Continue Reading
-
Feature
26 Jun 2018
Identify gaps in cybersecurity processes to reduce organizational risk
Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses. Continue Reading
-
News
22 Jun 2018
Herjavec: Cybersecurity investment now a priority for CEOs, boards
How did Robert Herjavec, CEO of a global IT security firm and star of ABC's 'Shark Tank,' know cybersecurity was gaining traction? He started getting meetings with the C-suite. Continue Reading
-
Feature
14 Jun 2018
Six barriers to digital transformation; CIO strategies to conquer them
CIOs are under pressure to help companies find their digital mojo, but challenges abound. Learn about the top six barriers to digital transformation -- and how to vanquish them. Continue Reading
-
Tip
31 May 2018
GDPR and AI: Data collection documentation essential to compliance
It's important to remember that artificial intelligence data and AI algorithms must hold up against GDPR regulations. Here's where GDPR and AI intersect and what CIOs can do to remain compliant. Continue Reading
-
Feature
30 May 2018
Blockchain as a service expected to entice CIOs to test waters
AWS' Blockchain Templates offering, along with a host of other big vendor blockchain products, will spur a 'tsunami of tests.' Blockchain adoption by business is another matter. Continue Reading
-
News
16 May 2018
Build a culture of innovation on PaaS platforms
Tech execs from Deutsche Bank and Experian at the Red Hat Summit in San Francisco shared their thoughts on reaping the benefits of PaaS platforms by addressing the risks head-on. Continue Reading
-
Feature
08 May 2018
CIO uses master data management to speed digitalization
IMA Financial Group CIO Michelle Vercellino's effort to clean up, protect and govern the firm's data is an important step in the firm's quest for 'data intelligence.' Continue Reading
-
News
16 Mar 2018
Ex-Equifax CIO's insider trading indictment a red flag for IT execs
A former Equifax CIO has been indicted for insider trading following the company's 2017 data breach. Will it force IT execs to reexamine the importance of proper breach response? Continue Reading
-
News
06 Mar 2018
IBM's cloud strategy homes in on developers
To boost its profile in IaaS, IBM's cloud strategy has shifted focus from CIOs to developers. Whether the multipronged appeal to developers will pan out remains an open question. Continue Reading
-
Blog Post
28 Feb 2018
Survey: Attorneys still lack proficiency in e-discovery technology
E-discovery technology has become an integral -- and essential -- element of the modern legal process, but a new report suggests attorneys are still struggling to embrace the technology. A survey ... Continue Reading
-
Feature
28 Feb 2018
New tech creates new attack vectors, cybersecurity vulnerabilities
CISO John Germain explains how tech like AI and IoT are revolutionizing business -- and creating new cybersecurity vulnerabilities as data protection is left on the back burner. Continue Reading
-
Answer
28 Feb 2018
Is end user training essential to data loss prevention program success?
Regulations like the GDPR promise to enforce stricter data protection rules. While a data loss prevention program can help, it requires end-user training to ease adoption. Continue Reading
-
Feature
27 Feb 2018
Tech, growing data sets complicate enterprise cybersecurity strategy
Emerging tech has grown companies' data sets and made IT environments increasingly complex. As IT capabilities evolve, enterprise cybersecurity strategy is struggling to keep up. Continue Reading