Risk and compliance strategies and best practices
Enterprise risk and compliance processes are a vital component of successful businesses in the digital age as companies struggle with constantly evolving data threats and regulatory mandates. Read news and tips to assist with risk and compliance strategies, including advice to streamline data governance efforts to help keep business information compliant and secure.
Top Stories
-
Tip
13 Mar 2024
17 potential costs of shadow IT
Companies should be vigilant and consider the significant costs associated with shadow IT. Learn about these overlooked issues and how they affect the organization.
-
Tip
05 Mar 2024
What are the pros and cons of shadow IT?
The increase of generative AI, digital natives and remote work drives the rise of shadow IT. CIOs and IT leaders should evaluate the pros and cons to mitigate potential risks.
-
Podcast
23 Feb 2018
Relentless AI cyberattacks will require new protective measures
AI cyberattacks won't be particularly clever; instead, they'll be fast and fierce. Carnegie Mellon University's Jason Hong explains in this episode of 'Schooled in AI.'
-
News
19 Feb 2018
GRC professionals: Regs, big data, cloud top IT priorities 2018
Regulatory initiatives remain at the top of GRC pros' lists of tech projects, according to TechTarget's annual IT Priorities 2018 survey, but grab less attention than last year.
-
Feature
14 Aug 2017
Mitigating security risks posed by emerging tech: Expert advice
Companies are in hot pursuit of the benefits offered by cutting-edge technologies, but mitigating security risks often gets scant attention. CIOs need to change that. Here's how.
-
News
14 Oct 2016
Samsung Note 7 disaster a CIO parable about quality assurance
Reasons for the Samsung Note 7 disaster are not fully known, but experts are certain of this: A shoddy quality assurance process can kill you. Also: Gig economy up; PC orders down; Amazon stores a-coming.
-
Tip
24 Aug 2016
Mobile security issues and solutions
Mobile technology usage is growing just as the number of threats facing mobile data is growing. CIOs must combat mobile security issues to stay ahead in the mobile-dominated world.
-
Tip
11 May 2016
Risk assessment analysis and BIA data in BC plans
Examine how BIA and RA data are used to formulate business continuity strategies. It's common to bypass these steps, but the data can result in more precise and focused BC plans.
-
Answer
06 Oct 2015
How can enterprises manage the cybersecurity skills gap?
Due to the demand for professionals with backgrounds in both computer science and networking, filling cybersecurity jobs is difficult. Technology will have to play a bigger role.
-
Tip
06 Feb 2015
Private cloud termination agreement: What CIOs need to know
Relationships between companies and their cloud providers can be fleeting. Knowing this, it's important for CIOs to think about exit strategies before they sign that cloud contract. David Rutchik, a partner at Pace Harmon LLC, offers advice.
-
Tip
27 Jan 2015
A CISO's introduction to enterprise data governance strategy
Every enterprise must have a viable strategy for protecting high-value data. See if your plan aligns with Francoise Gilbert's advice on top priorities to consider when defining data governance plans.
-
Definition
23 Jun 2014
limitation of liability clause
A limitation of liability clause is the section in a service-level agreement (SLA) that specifies the amounts and types of damages that each party will be obliged to provide to the other in particular circumstances. In a legal context, a liability is generally a responsibility to compensate for some failure to perform according to an established or agreed-upon stipulation.
-
Guide
06 Jun 2014
The CIO cloud blueprint: A strategic planning guide
In this CIO Essential Guide, learn how to craft an enterprise cloud blueprint that supports your organization's software and infrastructure needs.
-
News
30 May 2014
CIOs trumpet top-down, proactive digital enterprise security
In today's digital world, where consumers are increasingly connected and data is the new currency, enterprises must take a proactive security stance.
-
Tip
13 Nov 2013
CIO tip: Learn how to present a risk-management plan to the board
CIO tip: Companies are getting serious about risk management plans -- and leaning on CIOs to help them.
-
Opinion
12 Jun 2013
The GRC maturity model and value proposition
In this CIO Matters column, Harvey Koeppel takes a look at the GRC maturity model and how CIOs can turn risk management into business value.
-
Tip
28 Feb 2013
Four steps to defining and articulating the role of risk management
Risk management programs are under pressure from all quarters. Here are four steps to defining and articulating the role of risk management.
-
Definition
01 Feb 2013
business continuity management (BCM)
Business continuity management (BCM) is a framework for identifying an organization's risk of exposure to internal and external threats.
-
Definition
07 Mar 2011
control framework
A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.
-
News
06 Aug 2010
New class of compliance professionals will drive new certifications
Legislation such as the Sarbanes-Oxley Act is creating a new class of compliance professionals, but coming up with new certifications for them may not be so easy.
-
News
01 Jul 2010
A funny thing happened on the way to Sarbanes-Oxley Act compliance
The U.S. Supreme Court's narrow ruling this week on the Sarbanes-Oxley Act underscored how CIOs have capitalized on becoming SOX compliant.
-
News
16 Apr 2010
Don't be a horror story! Why social media policies matter to the CIO
Social media policies are crucial in the age of Facebook and Twitter, where security and compliance risks abound. How can the CIO avoid social media notoriety?
-
News
19 Mar 2010
Success with cloud applications calls for a strong data-privacy policy
Cloud applications are making headway in the public sector, as agency CIOs consider the ramifications on data-privacy policy and compliance concerns.
-
Tip
22 Jan 2010
Lack of incident response plan leaves hole in compliance strategy
Without an incident response plan, businesses can tend to be reactive rather than proactive when data breaches occur. Here are some steps to follow.
-
Tip
06 Oct 2009
Threat management for information systems relies on categorization
Every information system faces threats, but not all threats should be treated equally. ISO 27005 offers a guide on how to categorize threats to your organization.
-
News
06 Oct 2009
GPS devices, geolocation data create privacy, security risks
Emerging technologies that allow users to broadcast geographic locations raise many issues for companies, CIOs, while legislatures and the FTC consider legal aspects.
-
Tip
09 Sep 2009
Does using ISO 27000 to comply with PCI DSS make for better security?
PCI DSS is under fire for not providing enough security in the process of securing credit card data. Using ISO 27000 to complement PCI may provide better compliance and security.
-
News
03 Jul 2007
House votes to give small companies more time on Sarbanes-Oxley
The U.S. House of Representatives moved toward giving small companies an additional year to adhere to the Sarbanes-Oxley Act's accounting rules, which are being revised by the Securities and Exchange Commission.
-
News
12 Jun 2007
Retailers face deadline for security standard
Credit card firms are giving merchants until June 30 to comply with the Payment Card Industry Data Security Standard, which is designed to protect users from online theft. Teranet discusses what it had to do.
-
News
09 Jan 2007
Securities fraud suits down, accounting complaints up
The number of class actions filed alleging securities fraud plummeted in 2006, due in part to tougher enforcement, according to a study released by Stanford Law School.
-
News
10 Nov 2006
Data governance rises to top of compliance efforts
Analysts in the field of regulatory compliance say enterprises should increasingly build their IT auditing processes around database governance efforts.
-
News
29 Sep 2006
Greenspan says to dump Sarbanes-Oxley
The Sarbanes-Oxley Act is doing more harm than good and must be overhauled, Alan Greenspan told a technology audience in Boston.
-
News
28 Feb 2006
Compliance costs too high, says SIA report
According to a study released Monday by the Securities Industry Association (SIA), the cost of compliance has nearly doubled in the past three years. The good news: SIA says you don't have to be spending so much.
-
News
03 May 2005
Opinion: SOX is stinking up 2005
It's official: The Sarbanes-Oxley costs -- in time and money -- are rising higher than anyone expected and there may be a backlash before the calendar year is out.
-
News
14 Mar 2005
Preparing for a SOX audit
If your number comes up for a Sarbanes-Oxley audit, don't panic. A compliance expert offers five tips to help IT administrators meet the challenge.
-
News
14 Mar 2005
How to (really) address HIPAA
The deadline for HIPAA messaging security compliance is right around the corner. Find out what you need to do to meet the new federal secure messaging requirements.