Risk and compliance strategies and best practices
Enterprise risk and compliance processes are a vital component of successful businesses in the digital age as companies struggle with constantly evolving data threats and regulatory mandates. Read news and tips to assist with risk and compliance strategies, including advice to streamline data governance efforts to help keep business information compliant and secure.
Top Stories
-
Tip
08 Apr 2025
Ransomware payments: Considerations before paying
To pay or not to pay -- that's the question after a ransomware attack. Law enforcement recommends against it, but that doesn't stop some companies from paying up.
By Kyle Johnson, Technology Editor
-
Tip
13 Mar 2024
17 potential costs of shadow IT
Companies should be vigilant and consider the significant costs associated with shadow IT. Learn about these overlooked issues and how they affect the organization.
-
Tip
24 Aug 2016
Mobile security issues and solutions
Mobile technology usage is growing just as the number of threats facing mobile data is growing. CIOs must combat mobile security issues to stay ahead in the mobile-dominated world.
By Bob Egan, The Sepharim Group
-
Tip
11 May 2016
Risk assessment analysis and BIA data in BC plans
Examine how BIA and RA data are used to formulate business continuity strategies. It's common to bypass these steps, but the data can result in more precise and focused BC plans.
-
Answer
06 Oct 2015
How can enterprises manage the cybersecurity skills gap?
Due to the demand for professionals with backgrounds in both computer science and networking, filling cybersecurity jobs is difficult. Technology will have to play a bigger role.
By Julian Weinberger, NCP engineering
-
Tip
06 Feb 2015
Private cloud termination agreement: What CIOs need to know
Relationships between companies and their cloud providers can be fleeting. Knowing this, it's important for CIOs to think about exit strategies before they sign that cloud contract. David Rutchik, a partner at Pace Harmon LLC, offers advice.
By Kristen Lee, News Writer
-
Tip
27 Jan 2015
A CISO's introduction to enterprise data governance strategy
Every enterprise must have a viable strategy for protecting high-value data. See if your plan aligns with Francoise Gilbert's advice on top priorities to consider when defining data governance plans.
By Francoise Gilbert, Greenberg Traurig
-
Definition
23 Jun 2014
limitation of liability clause
A limitation of liability clause is the section in a service-level agreement (SLA) that specifies the amounts and types of damages that each party will be obliged to provide to the other in particular circumstances. In a legal context, a liability is generally a responsibility to compensate for some failure to perform according to an established or agreed-upon stipulation.
-
Guide
06 Jun 2014
The CIO cloud blueprint: A strategic planning guide
In this CIO Essential Guide, learn how to craft an enterprise cloud blueprint that supports your organization's software and infrastructure needs.
-
News
30 May 2014
CIOs trumpet top-down, proactive digital enterprise security
In today's digital world, where consumers are increasingly connected and data is the new currency, enterprises must take a proactive security stance.
-
Tip
13 Nov 2013
CIO tip: Learn how to present a risk-management plan to the board
CIO tip: Companies are getting serious about risk management plans -- and leaning on CIOs to help them.
-
Opinion
12 Jun 2013
The GRC maturity model and value proposition
In this CIO Matters column, Harvey Koeppel takes a look at the GRC maturity model and how CIOs can turn risk management into business value.
By Harvey R. Koeppel, Pictographics Inc.
-
Definition
01 Feb 2013
business continuity management (BCM)
Business continuity management (BCM) is a framework for identifying an organization's risk of exposure to internal and external threats.
-
Definition
07 Mar 2011
control framework
A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.
-
News
06 Aug 2010
New class of compliance professionals will drive new certifications
Legislation such as the Sarbanes-Oxley Act is creating a new class of compliance professionals, but coming up with new certifications for them may not be so easy.
-
News
01 Jul 2010
A funny thing happened on the way to Sarbanes-Oxley Act compliance
The U.S. Supreme Court's narrow ruling this week on the Sarbanes-Oxley Act underscored how CIOs have capitalized on becoming SOX compliant.
-
News
16 Apr 2010
Don't be a horror story! Why social media policies matter to the CIO
Social media policies are crucial in the age of Facebook and Twitter, where security and compliance risks abound. How can the CIO avoid social media notoriety?
-
News
19 Mar 2010
Success with cloud applications calls for a strong data-privacy policy
Cloud applications are making headway in the public sector, as agency CIOs consider the ramifications on data-privacy policy and compliance concerns.
-
Tip
22 Jan 2010
Lack of incident response plan leaves hole in compliance strategy
Without an incident response plan, businesses can tend to be reactive rather than proactive when data breaches occur. Here are some steps to follow.
By Kevin Beaver, Principle Logic, LLC
-
Tip
06 Oct 2009
Threat management for information systems relies on categorization
Every information system faces threats, but not all threats should be treated equally. ISO 27005 offers a guide on how to categorize threats to your organization.
By Steven Ross, Risk Masters, Inc.
-
News
06 Oct 2009
GPS devices, geolocation data create privacy, security risks
Emerging technologies that allow users to broadcast geographic locations raise many issues for companies, CIOs, while legislatures and the FTC consider legal aspects.
By Linda Tucci, Industry Editor -- CIO/IT Strategy
-
Tip
09 Sep 2009
Does using ISO 27000 to comply with PCI DSS make for better security?
PCI DSS is under fire for not providing enough security in the process of securing credit card data. Using ISO 27000 to complement PCI may provide better compliance and security.
By Mathieu Gorge, VigiTrust
-
News
03 Jul 2007
House votes to give small companies more time on Sarbanes-Oxley
The U.S. House of Representatives moved toward giving small companies an additional year to adhere to the Sarbanes-Oxley Act's accounting rules, which are being revised by the Securities and Exchange Commission.
-
News
12 Jun 2007
Retailers face deadline for security standard
Credit card firms are giving merchants until June 30 to comply with the Payment Card Industry Data Security Standard, which is designed to protect users from online theft. Teranet discusses what it had to do.
-
News
09 Jan 2007
Securities fraud suits down, accounting complaints up
The number of class actions filed alleging securities fraud plummeted in 2006, due in part to tougher enforcement, according to a study released by Stanford Law School.
-
News
10 Nov 2006
Data governance rises to top of compliance efforts
Analysts in the field of regulatory compliance say enterprises should increasingly build their IT auditing processes around database governance efforts.
-
News
29 Sep 2006
Greenspan says to dump Sarbanes-Oxley
The Sarbanes-Oxley Act is doing more harm than good and must be overhauled, Alan Greenspan told a technology audience in Boston.
-
News
28 Feb 2006
Compliance costs too high, says SIA report
According to a study released Monday by the Securities Industry Association (SIA), the cost of compliance has nearly doubled in the past three years. The good news: SIA says you don't have to be spending so much.
-
News
03 May 2005
Opinion: SOX is stinking up 2005
It's official: The Sarbanes-Oxley costs -- in time and money -- are rising higher than anyone expected and there may be a backlash before the calendar year is out.
-
News
14 Mar 2005
Preparing for a SOX audit
If your number comes up for a Sarbanes-Oxley audit, don't panic. A compliance expert offers five tips to help IT administrators meet the challenge.
-
News
14 Mar 2005
How to (really) address HIPAA
The deadline for HIPAA messaging security compliance is right around the corner. Find out what you need to do to meet the new federal secure messaging requirements.