Risk management and governance
With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.
Top Stories
-
Feature
30 Jun 2025
Enterprise cybersecurity: A strategic guide for CISOs
CISOs and others responsible for safeguarding an organization's systems, networks and data need to manage day-to-day threats while also planning strategically for what's ahead. Continue Reading
-
Tip
30 Jun 2025
Change management in business continuity
Change management and business continuity share a common goal: Preventing future disruptions. Find out where change management fits into business continuity planning here. Continue Reading
-
Definition
30 Jun 2025
What is the ISO 31000 Risk Management standard?
The ISO 31000 Risk Management framework is an international standard that provides organizations with guidelines and principles for risk management. Continue Reading
-
Feature
30 Jun 2025
Enterprise cybersecurity: A strategic guide for CISOs
CISOs and others responsible for safeguarding an organization's systems, networks and data need to manage day-to-day threats while also planning strategically for what's ahead. Continue Reading
-
Tip
30 Jun 2025
Change management in business continuity
Change management and business continuity share a common goal: Preventing future disruptions. Find out where change management fits into business continuity planning here. Continue Reading
-
News
26 Jun 2025
In an FTC antitrust win, Meta could face divestitures
The FTC argues that Meta acquired Instagram and WhatsApp to eliminate competition in social media networks. If the FTC wins its case, Meta could be forced to sell those products. Continue Reading
-
News
25 Jun 2025
Google settlement may affect DOJ antitrust remedies
Google faces numerous antitrust challenges and has agreed to spend $500 million revamping its regulatory compliance structure in a settlement with shareholders. Continue Reading
-
News
24 Jun 2025
Trump wants to axe rules affecting business competition
As the FTC and DOJ work to assess what rules to cut, lawmakers disagree on how deregulation will affect U.S. markets. Continue Reading
-
Definition
24 Jun 2025
What is risk avoidance?
Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets. Continue Reading
-
Definition
23 Jun 2025
What is pure risk?
Pure risk refers to risks that are beyond human control and result in a loss or no loss, with no possibility of financial gain. Continue Reading
-
Definition
23 Jun 2025
What is residual risk? How is it different from inherent risk?
Residual risk is the risk that remains after efforts to identify and eliminate some or all types of risk have been made. Continue Reading
-
Tip
23 Jun 2025
How to choose a cybersecurity vendor: 12 key criteria
Choosing a cybersecurity vendor entails a two-phase approach: shortlisting vendors using clear requirements, then conducting thorough evaluations based on key criteria. Here's how. Continue Reading
-
Definition
20 Jun 2025
What is risk assessment?
Risk assessment is the process of identifying hazards that could negatively affect an organization's ability to conduct business. Continue Reading
-
Definition
20 Jun 2025
What is the Risk Management Framework (RMF)?
The Risk Management Framework (RMF) is a template and guideline organizations use to identify, eliminate and minimize risks. Continue Reading
-
Definition
17 Jun 2025
What is market concentration?
Market concentration refers to how a market is distributed among competing companies. Continue Reading
-
Feature
17 Jun 2025
ERM implementation: How to deploy a framework and program
Enterprise risk management helps organizations proactively manage risks. Here's a look at ERM frameworks that can be used and key steps for implementing a program. Continue Reading
-
Definition
16 Jun 2025
What is ESG reporting? Importance and how to get started
ESG reporting is a type of corporate disclosure that details an organization's environmental, social and governance (ESG) promises, efforts and progress. Continue Reading
-
Tip
16 Jun 2025
What is a compliance audit? (with an example checklist)
A compliance audit is critical for finding any potential compliance gaps in an organization's operations. Here's what companies can do to prepare for them. Continue Reading
-
Definition
16 Jun 2025
What is operational risk?
Operational risk is the risk of losses caused by flawed or failed processes, policies, systems, people or events that disrupt business operations. Continue Reading
-
Tip
13 Jun 2025
How to write a risk appetite statement: Template, examples
A risk appetite statement defines acceptable risk levels for an organization. Here's what it includes and how to create one, with examples and a downloadable template. Continue Reading
-
Tip
13 Jun 2025
CISO's guide to building a strong cyber-resilience strategy
Cyber-resilience strategies that integrate BCDR, incident response and cybersecurity enable CISOs to build frameworks that help their organizations effectively handle cyberattacks. Continue Reading
-
News
12 Jun 2025
Policymakers assess nuclear energy for AI data centers
Big tech vendors are recognizing the energy demands of their AI services, causing them to make significant energy investments. Continue Reading
-
Tip
11 Jun 2025
IoT compliance standards and how to comply
To address IoT security concerns, it's critical for IT leaders to adhere to IoT compliance standards. Learn more about IoT compliance and its IT-relevant standards. Continue Reading
-
News
10 Jun 2025
U.S. will need policy to navigate EU rules
Protecting U.S. tech companies from the EU's regulatory regime will present a challenge to U.S. officials, who have pursued antitrust cases against big tech. Continue Reading
-
Definition
10 Jun 2025
What is financial risk management?
Financial risk management is the continuous process of recognizing, evaluating and mitigating potential threats to an individual's or organization's financial health. Continue Reading
-
Definition
10 Jun 2025
What is a risk management specialist, and what does one do?
A risk management specialist is a role appointed within organizations to identify potential risks that might negatively affect the business. Continue Reading
-
News
05 Jun 2025
UK backdoor order to Apple raises bipartisan concerns
U.S. officials fear that gaps in existing law may enable countries to target U.S. companies with data access requests that harm user privacy and security. Continue Reading
-
Definition
05 Jun 2025
What is third-party risk management (TPRM)?
Third-party risk management (TPRM) is a comprehensive framework for identifying, assessing, and mitigating risks associated with using external vendors, suppliers, partners and service providers. Continue Reading
-
Feature
05 Jun 2025
What is vendor risk management (VRM)? A guide for businesses
Vendor risk management identifies, assesses and mitigates risks from third-party vendors to protect companies from data breaches, operational disruptions and compliance violations. Continue Reading
-
Tip
05 Jun 2025
Compliance stakeholders and how to work with them
Stakeholders' involvement can strengthen an organization's compliance program. Learn best practices for engaging key stakeholders in compliance initiatives. Continue Reading
-
Feature
05 Jun 2025
Top 5 steps in the risk management process
Implementing an effective risk management process is a key part of managing business risks. Follow these five steps to ensure a successful process. Continue Reading
-
Tip
04 Jun 2025
A guide to risk registers: Benefits and examples
Risk registers document, prioritize and track an organization's risk, providing organizations with a holistic view of risk and a ready way to communicate their risk strategies. Continue Reading
-
Tip
04 Jun 2025
Learn how to harness strategic risk and improve your operations
Organizations face factors beyond their control that can prevent them from meeting their long-term goals. Learn about the building blocks behind a cohesive strategic risk strategy. Continue Reading
-
Tip
04 Jun 2025
What is risk monitoring? Definition and best practices
In today's complex environment, risk monitoring provides systematic identification and analysis of threats, enabling organizations to address issues proactively. Continue Reading
-
Definition
04 Jun 2025
What is scenario analysis?
Scenario analysis is a risk management and strategic planning process used to evaluate the risk and potential effects of a future event. Continue Reading
-
Tip
02 Jun 2025
Organizational vs. operational resilience
Organizational and operational resilience are two critical components of BCDR. Learn the differences between the two and how to establish them for peak resilience. Continue Reading
-
Feature
02 Jun 2025
Risk maturity model: How it works and how to use one
Explore risk maturity models and assessment tools for enhancing enterprise risk management. Improve ERM programs to mitigate risk and gain a competitive edge. Continue Reading
-
Tip
30 May 2025
Key steps to developing a healthy risk culture
Some companies fail to communicate that risk is every employee's business. For others, top leadership is the impediment. Here are the key steps to building a strong risk culture. Continue Reading
-
Tip
30 May 2025
What is risk identification? Importance and methods
Risk identification is a crucial first step in risk management, enabling organizations to document and prepare for potential threats and opportunities. Continue Reading
-
Definition
30 May 2025
What is risk acceptance?
Risk acceptance is a risk management strategy in which a business acknowledges and accepts the existence of a particular risk, but does not take action to reduce or eliminate it. Continue Reading
-
Definition
30 May 2025
What is fourth-party risk management (FPRM)?
Fourth-party risk management (FPRM) is the process of identifying, assessing and mitigating risks that originate from the subcontractors and service providers that an organization's third-party vendors use. Continue Reading
-
Feature
30 May 2025
13 types of business risks for companies to manage
Knowing the types of risks businesses commonly face and their applicability to your company is a first step toward effective risk management. Continue Reading
-
Feature
29 May 2025
What is risk transfer? Methods, examples and strategic tips
Risk transfer shifts potential financial liability from one party to another through insurance contracts, legal agreements or financial tools to protect organizations from losses. Continue Reading
-
Definition
28 May 2025
What is a compliance framework?
A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation. Continue Reading
-
Definition
28 May 2025
What is a risk manager? Roles and responsibilities
A risk manager is a professional responsible for identifying and mitigating dangers to an organization's operations, reputation, safety, security and financial health -- any aspect with a potential negative impact on the company. Continue Reading
-
News
22 May 2025
U.S. policy moves reflect big tech issues with state AI laws
House Republicans proposed a 10-year moratorium on state AI rules, reflecting a concern among tech companies about the growing patchwork of state AI and data privacy measures. Continue Reading
-
Feature
22 May 2025
Risk appetite vs. risk tolerance: How are they different?
Risk appetite and risk tolerance are related, but they don’t mean the same thing. Not knowing the difference can cause big problems for your risk management program. Continue Reading
-
News
20 May 2025
Court to weigh divestiture in Google ad tech antitrust case
Forcing Google to divest assets in the DOJ's advertising market antitrust case against it will present a challenging issue to the court during the upcoming remedies trial. Continue Reading
-
Definition
19 May 2025
What is compliance risk?
Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting from its failure to act in accordance with industry laws and regulations, internal policies or prescribed best practices. Continue Reading
-
News
15 May 2025
Proposed U.S. budget cuts raise fears about tech innovation
President Donald Trump's proposed FY 2026 budget slashes funding for federal agencies, including NSF and NIST, which support tech research and innovation in the U.S. Continue Reading
-
Definition
14 May 2025
What is business resilience?
Business resilience is an organization's ability to adapt quickly to disruptions while maintaining continuous business operations and safeguarding people, assets and overall brand equity. Continue Reading
-
News
13 May 2025
AI copyright suits to be affected by Copyright Office stance
Federal report findings could weaken GenAI vendors' fair use positions in copyright suits. Continue Reading
-
Definition
13 May 2025
What is the consumerization of IT (IT consumerization)?
The consumerization of IT refers to how software and hardware products designed for personal use have migrated into the enterprise and are used for work purposes. Continue Reading
-
Feature
12 May 2025
RIT showcase offers glimpse of early tech innovation cycle
Connected vehicle security, AI and 3D printing were among the technologies featured at Imagine RIT, an annual exhibition focusing on student and faculty innovation. Continue Reading
-
News
12 May 2025
Contempt order worsens Apple's antitrust woes
A federal judge found Apple to be in contempt of an injunction ordering the company to make access to alternative payment options in the company's App Store easier. Continue Reading
-
Definition
09 May 2025
What is risk reporting?
Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes. Continue Reading
-
Definition
09 May 2025
What is the Sarbanes-Oxley Act? Definition and summary
The Sarbanes-Oxley Act of 2002 (SOX) is a federal law that established sweeping auditing and financial regulations for public companies. Continue Reading
-
Feature
07 May 2025
Why is sustainable marketing important?
Sustainable marketing is important because it raises awareness of environmental and social issues. On a business level, it can improve brand loyalty and worker engagement. Continue Reading
-
Tip
07 May 2025
CIO vs. CTO: Key differences in roles and responsibilities
The emergence of IT and its ever-increasing importance to enterprise operations led to the creation of two tech exec positions with similar duties: the CIO and the CTO. Continue Reading
-
Feature
07 May 2025
Enterprise risk management team: Roles and responsibilities
Every facet of business operations is exposed to risks, requiring a risk management team that's composed of a diverse mix of corporate executives and managers. Continue Reading
-
News
01 May 2025
Enterprises need to prepare for DOJ data rule
Organizations must take steps to ensure compliance with emerging rules targeting foreign adversaries' access to U.S. citizens' sensitive personal information. Continue Reading
-
Tip
30 Apr 2025
10 ways to reduce your MTTR
Mean time to repair is a critical metric for BCDR professionals. Learn how to calculate and reduce MTTR with this tip. Continue Reading
-
News
30 Apr 2025
DOGE divides policymakers on federal IT modernization
A former federal deputy CIO testified that reauthorizing the Technology Modernization Fund will help the government continue IT modernization projects. Continue Reading
-
News
29 Apr 2025
Regulators urge businesses to cooperate on data privacy laws
Providing detailed background information is one way to help data privacy regulators during investigations of potential violations. Continue Reading
-
Definition
28 Apr 2025
What is a risk map (risk heat map)?
A risk map, or risk heat map, is a data visualization tool for communicating specific risks an organization faces. Continue Reading
-
News
25 Apr 2025
AI tests limits of data privacy regulation
OpenAI CEO Sam Altman speaks about where data privacy guardrails are needed and where there might be room to rework privacy approaches. Continue Reading
-
News
24 Apr 2025
Policymakers look to state laws for federal data privacy law
Twenty U.S. states have adopted comprehensive data privacy laws, meaning that businesses face a complex network of laws with varied privacy requirements and definitions. Continue Reading
-
News
23 Apr 2025
DOJ rule aims to block adversaries' access to personal data
The new federal measure could apply to companies beyond data brokers. It stems from an executive order signed by former President Joe Biden. Continue Reading
-
Definition
22 Apr 2025
What is business transformation?
Business transformation refers to fundamental changes in an organization’s operations, strategy or structure to improve efficiency, competitiveness and financial performance. Continue Reading
-
Feature
22 Apr 2025
9 quantum computing challenges IT leaders should know
While the theory of quantum mechanics is complex, the technology might offer practical uses for organizations. Learn about the challenges and opportunities of quantum computing. Continue Reading
-
News
18 Apr 2025
Google, Meta antitrust cases could set legal precedents
The courts dealt Google a blow this week, deciding it operates an illegal monopoly in digital ad tech. Meta's antitrust trial over Instagram and WhatsApp also began this week. Continue Reading
-
Definition
17 Apr 2025
What is a SWOT analysis? Definition, examples and how to
SWOT analysis is a framework for identifying and analyzing an organization's strengths, weaknesses, opportunities and threats. Continue Reading
-
Tip
17 Apr 2025
Tips to find cyber insurance coverage in 2025
Most businesses have a form of cyber insurance, either through cyber liability and data breach endorsements in traditional business policies or through standalone cyber policies. Continue Reading
-
News
15 Apr 2025
Global leaders reckon with U.S. tariffs
The Trump administration says it is using tariffs to renegotiate trade deals, stop illegal drug crossings into the U.S. and boost domestic manufacturing. Continue Reading
-
Definition
14 Apr 2025
What is a project charter? Definition and examples
A project charter is a formal short document stating that a project exists and providing project managers with written authority to begin work. Continue Reading
-
Definition
14 Apr 2025
What is corporate governance?
Corporate governance is the combination of rules, processes and laws by which businesses are operated, regulated and controlled. Continue Reading
-
Definition
14 Apr 2025
What is e-business?
E-business (electronic business) is the conduct of online business processes on the web, internet, extranet or a combination thereof. Continue Reading
-
Definition
11 Apr 2025
What is a chief technology officer (CTO)?
A chief technology officer (CTO) is a high-level executive who is responsible for overseeing an organization's strategic use of IT. Continue Reading
-
Feature
11 Apr 2025
How do green marketing and sustainable marketing differ?
Many organizations use green and sustainable marketing to build trust with consumers. Green marketing focuses on the environment, whereas sustainable marketing is broader. Continue Reading
-
Definition
10 Apr 2025
What is a business continuity policy?
A business continuity policy is the set of standards and guidelines an organization enforces to ensure resilience and proper risk management. Continue Reading
-
News
09 Apr 2025
Trump puts stamp on CHIPS Act deals with new office
President Donald Trump tasks a new U.S. Investment Accelerator office with managing the CHIPS Program Office and reducing businesses' regulatory burdens. Continue Reading
-
Tip
09 Apr 2025
Quantum-resistant algorithms: Why they matter
Quantum-resistant algorithms play a crucial role in post-quantum cryptography, which protects against threats on digital signatures and current encryption methods. Continue Reading
-
News
08 Apr 2025
Policymakers weigh U.S.-China AI competition after DeepSeek
Boosting federal R&D, sustaining export controls and creating a federal AI framework are a few suggestions experts made to help maintain the U.S. lead in AI. Continue Reading
-
Definition
08 Apr 2025
What is sustainability risk management (SRM)?
Sustainability risk management (SRM) is a business strategy that aligns profit goals with a company's environmental, social and governance (ESG) policies. Continue Reading
-
Definition
08 Apr 2025
What is a key risk indicator (KRI) and why is it important?
A key risk indicator (KRI) is a metric for measuring the likelihood that the combined probability of an event and its consequences will exceed the organization's risk appetite. Continue Reading
-
News
03 Apr 2025
Trump aims to consolidate federal IT contracts
Moving billions of dollars' worth of contracts into the General Services Administration could create workload challenges as the federal agency navigates staffing cuts. Continue Reading
-
News
02 Apr 2025
U.S. levies tariffs in onshoring bid, hiking tech costs
Newly implemented tariffs mean businesses will face added costs and trade complexities as the Trump administration pushes for companies to manufacture onshore. Continue Reading
-
Tip
31 Mar 2025
How quantum cybersecurity changes the way you protect data
Here's a full guide to the threats quantum computers pose to today's encryption algorithms -- and how to prepare now to become "crypto-agile" enough to stay ahead of bad actors. Continue Reading
-
Answer
28 Mar 2025
Business impact analysis vs. risk assessment explained
Do you know the difference between a business impact analysis and risk assessment? Find out how they differ and why you need to perform both here. Continue Reading
-
News
26 Mar 2025
Congress weighs changes to regulatory agency CFPB
Congress is taking a second look at federal agencies like the CFPB and considering reforms to ease regulatory and compliance burdens for businesses. Continue Reading
-
Definition
26 Mar 2025
What is a web application firewall (WAF)? WAF explained
A web application firewall (WAF) is a firewall that is meant to protect web applications against common web-based threats. Continue Reading
-
News
21 Mar 2025
Google, OpenAI target state laws in AI action plan
The federal government is developing plans for AI policy in the U.S. Stakeholders want a federal policy preempting state laws as a top strategic priority. Continue Reading
-
News
19 Mar 2025
FTC commissioners fired as federal agencies face reckoning
The FTC, IRS and other federal agencies providing business oversight face policy shifts and restructuring measures under President Donald Trump's administration. Continue Reading
-
News
18 Mar 2025
As lawsuits pile up, Section 230 shields digital platforms
Section 230 immunity and First Amendment rights create a staggering challenge for legal teams looking to hold social media platforms accountable for alleged harms. Continue Reading
-
Feature
10 Mar 2025
How to assess pandemic risk in 2025
Businesses learned a lot about disaster recovery and risk from COVID-19. The challenge today is to not forget those lessons or become negligent with future pandemics. Continue Reading
-
News
07 Mar 2025
Trump tariffs raise USMCA trade agreement questions
Imposing large tariffs on U.S. allies in the United States-Mexico-Canada Agreement could be a boon for China. Continue Reading
-
Feature
06 Mar 2025
16 top ERM software vendors to consider in 2025
Various software tools can help automate risk management and GRC processes. Here's a look at 16 enterprise risk management vendors and their products. Continue Reading
-
News
05 Mar 2025
New FTC rules unlikely with limited funds, policy shifts
Amid resource limitations and changes at the federal level, the FTC will be cautious in its approach to bringing cases and making other significant changes. Continue Reading
-
Definition
04 Mar 2025
What is root cause analysis?
Root cause analysis (RCA) is a method for understanding the underlying cause of an observed or experienced incident. Continue Reading
-
Definition
04 Mar 2025
What is cost management? Definition, steps and benefits
Cost management is the process of planning and controlling a business budget. A good cost management system helps an organization estimate and allocate its budget. Continue Reading
-
Feature
27 Feb 2025
Enterprise AI strategy surges in importance for IT buyers
Organizations have sharply elevated the business importance of AI and machine learning technologies, according to Informa TechTarget's survey on 2025 IT spending plans. Continue Reading
-
Tip
21 Feb 2025
How to manage and mitigate reputational risk
Believe it or not, there are actually several reasons for a business to care about its reputation. Continue Reading