Risk management and governance

With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.

Top Stories

News 22 Nov 2023
Possible reasons for Meta disbanding its responsible AI team

After releasing more generative AI tools this year, the tech giant made a controversial move by dismantling its unit dedicated to responsible AI. Continue Reading
News 20 Nov 2023
Presidential candidate's AI chatbot fields policy questions

GOP presidential candidate Asa Hutchinson is using an AI chatbot to provide insight on his policy stances, a development that both impresses and worries tech and media experts. Continue Reading

Feature 30 Apr 2019

EU GDPR terms to know

Compliance regulations can be complicated to follow, particularly in the new age of data privacy. Here's a breakdown of the must-know terms for companies who are subject to GDPR. Continue Reading
Feature 24 Apr 2019

State data privacy laws, regulations changing CISO priorities

Attorney and IT security expert Scott Giordano discusses how the growing number of state data privacy laws are changing CISOs' information management role. Continue Reading
Feature 14 Mar 2019

AI security tech is making waves in incident response

Experts weigh in on the latest smart cybersecurity tools -- how they work, the implications for your IT security team and whether the investment is worth the expense. Continue Reading
Tip 18 Feb 2019

How AI cybersecurity thwarts attacks -- and how hackers fight back

IT leaders are using AI to take security to the next level. But how much security can AI provide? David Petersson examines where AI cybersecurity excels and how it can be fooled. Continue Reading
Feature 31 Dec 2018

Learning from 2018 cybersecurity incidents: Perform due diligence

Cybersecurity incidents continued to plague companies in 2018. Experts weigh in on the lessons learned and consumer responses to the largest information security breaches of the year. Continue Reading
Answer 21 Dec 2018

What role does machine learning play in the threat hunting process?

Fidelis Cybersecurity president and CEO Nick Lantuh discusses threat hunting best practices, including machine learning's role in corporate data protection. Continue Reading
Feature 19 Dec 2018

2018 articles spotlight innovation's cybersecurity and compliance risk

The top 2018 cybersecurity and compliance articles make a few things clear: digitization increases risk and requires innovative strategies to protect against evolving data threats. Continue Reading
Answer 14 Dec 2018

What's the difference between SLO vs. SLA?

Often used interchangeably, the terms SLO and SLA are not the same. Find out the key attributes of each and why each is important for managing service providers. Continue Reading
Blog Post 30 Nov 2018

Include dark web security strategies to strengthen security framework

As dark web security threats rise, enterprises should begin incorporating strategies to understand and implement dark web cyber-security measures. Continue Reading
Feature 30 Nov 2018

The future of data security threats and protection in the enterprise

The future of data security faces new threats at an ever-increasing rate. Read one expert's advice on having a data security strategy to assess and manage enterprise data security. Continue Reading
Tip 26 Nov 2018

4 cloud-based e-discovery strategies to target containerized data

A cloud migration requires evaluating any existing information governance programs. E-discovery in the cloud and for container-based data platforms requires a detailed strategy. Continue Reading
Tip 26 Nov 2018

E-discovery in the cloud introduces security, compliance issues

E-discovery is still reliable for organizing and preserving data for legal compliance, but e-discovery in the cloud and container-based storage complicate governance processes. Continue Reading
News 21 Nov 2018

Backer says U.S. Internet Bill of Rights will not follow EU model

Rep. Ro Khanna is on a mission to pass regulation that would shore up data privacy rights. But he's not looking to Europe's 'overprescriptive' approach for inspiration. Continue Reading
Answer 09 Nov 2018

How can enterprises benefit from automation in security?

Tufin Technical Director Joe Schreiber highlights how automating security operations can benefit an organization and discusses best practices for effective implementation. Continue Reading
News 31 Oct 2018

HBS panel discusses regulating social media platforms

At Harvard Business School's recent Tech Conference 24, three panelists discussed the potential need for regulating social media platforms by an independent, quasi-governmental system. Continue Reading
News 31 Oct 2018

Gartner Symposium 2018: 6 emerging trends in security

At Gartner Symposium 2018, analyst Peter Firstbrook highlighted the emerging trends in security that cybersecurity pros -- and their employers -- need to prep for in the next year. Continue Reading
Blog Post 31 Oct 2018

Will acquiring a cybersecurity company fix Facebook's security woes?

Earlier this month I wrote about lessons businesses can learn from the Facebook data breach that affected millions of users. News has now surfaced that Facebook is rumored to be shopping for a ... Continue Reading
Blog Post 30 Oct 2018

Cook's call: Put federal data privacy law in the spotlight

Federal data privacy law mandates have long been anathema to tech industry leaders, but Apple CEO Tim Cook's call for regulation could serve as a rallying cry for advocates of consumer's ... Continue Reading
News 24 Oct 2018

Cybersecurity culture: Arrow in CIOs' quiver to fight cyberthreats

Who should own your cybersecurity culture? How can we protect rampant IoT devices? MIT Sloan researchers clued CIOs into their latest research at Tuesday's SIM Boston Summit. Continue Reading
News 22 Oct 2018

ISSA International Conference 2018: Implement DoD-level security

The ISSA International 2018 Conference offers solutions for complicated privacy risks, and consultant Jeffrey Man counsels execs to take the DoD's approach to security maintenance. Continue Reading
News 04 Oct 2018

Lessons learned from the Facebook security breach

As details about the Facebook data breach continue to emerge, experts sound off on what companies can do to secure what has become a prime target for hackers: user account data. Continue Reading
Feature 02 Oct 2018

Sunkist Growers reaps the benefits of managed disaster recovery services

Sunkist Growers turned to DRaaS to make its disaster recovery options more practical for the company and its employees. But while the market is maturing, it might not work for all businesses. Continue Reading
News 13 Sep 2018

Federal privacy regulations usher in the age of tech lawmakers

Big tech and privacy advocates are lobbying for dramatically different federal data privacy rights. CIOs should pay attention to whom -- and what -- the legislation seeks to regulate. Continue Reading
Tip 12 Sep 2018

4 GDPR strategy tips to bring IT processes up to speed

The GDPR deadline has long passed, but U.S. companies remain behind on compliance. Experts provide GDPR compliance tips to make sure IT is on the right side of the privacy rules. Continue Reading
Tip 31 Aug 2018

Overcoming multi-cloud's risks, regulatory compliance challenges

Companies adopting multi-cloud data management models face numerous regulatory compliance challenges, but IT governance strategies are helping them protect disparate information. Continue Reading
Feature 31 Aug 2018

Survey: IT leaders invest to improve cybersecurity, compliance

As companies outgrow dated data protection and compliance management systems, IT leaders are making an investment in cybersecurity to avoid risk and stare down regulatory mandates. Continue Reading
Blog Post 29 Aug 2018

Cybersecurity education: North Dakota preps future workforce

North Dakota's CIO is behind a cybersecurity education program that aims to get the state's students up to speed on the essentials of IT security. Continue Reading
Feature 24 Aug 2018

Mandates create new GDPR roles, processes for compliant companies

As companies tweak IT processes to maintain General Data Protection Regulation compliance, the regulation raises questions about new, privacy-centric GDPR roles and responsibilities. Continue Reading
Feature 24 Aug 2018

Legal 'gray areas' holding back GDPR compliance program maturity

The regulation has been in place for months, but many companies are still behind with their GDPR compliance programs. Will it take a major violation to get companies to pay attention? Continue Reading
Feature 21 Aug 2018

Implementing machine learning to keep Facebook user data safe

Facebook Director of Security Aanchal Gupta shares how the social media giant is implementing machine learning in security to ensure user data is safe on its platform. Continue Reading
Feature 17 Aug 2018

5 strategies to address the GDPR data management conundrum

As IT executives continue to wrap their heads around GDPR, strategies are emerging to ease its data management compliance burden. Here are five that are already proving effective. Continue Reading
Feature 17 Aug 2018

Facebook cybersecurity: How the company is building a diverse team

Facebook director of security Aanchal Gupta sounds off on the need for diverse security teams and gives an overview of how the social media giant is working to make it happen. Continue Reading
Feature 16 Aug 2018

How to scale security: An inside look at how Facebook does it

Facebook director of security Aanchal Gupta sounds off on how the social media giant uses automation to scale security and highlights its best practices and key focus areas. Continue Reading
News 10 Aug 2018

Improving CISO-board communication: Partnership, metrics essential

With data breaches threatening the bottom line, CISO-board partnership is crucial. A new report by Kudelski Security looks at how to improve security communication with the board. Continue Reading
Blog Post 07 Aug 2018

Machine learning, AI in security: Advancing the cybersecurity landscape

More companies today are investing in AI-based cybersecurity technology to speed up incident detection and response, to better identify and communicate risk to the business, and to gain a better ... Continue Reading
Blog Post 31 Jul 2018

Cybersecurity trend watch: The power of data

It's no secret that data equals power in the digital marketplace, making strategies to protect that data a valuable business asset. The fast pace of IT advancement also makes the cybersecurity ... Continue Reading
Blog Post 31 Jul 2018

Cybersecurity trend watch: Data protection's business influence

As business leaders continue to realize the bottom line value of data protection, the cybersecurity market is already ripe for disruption. At the Gartner Security & Risk Management Summit in ... Continue Reading
Feature 24 Jul 2018

McAfee CISO: The importance of a strong cybersecurity culture

For McAfee CISO Grant Bourzikas, building a strong cyberdefense culture is essential because employees are the first line of defense to avoid rapidly evolving cybersecurity risks. Continue Reading
Feature 24 Jul 2018

McAfee CISO: Leadership buy-in essential to boost cybersecurity

As online risks continue to evolve, making sure company leadership buys in to efforts to improve cybersecurity posture has become essential, says McAfee CISO Grant Bourzikas. Continue Reading
News 22 Jun 2018

Herjavec: Cybersecurity investment now a priority for CEOs, boards

How did Robert Herjavec, CEO of a global IT security firm and star of ABC's 'Shark Tank,' know cybersecurity was gaining traction? He started getting meetings with the C-suite. Continue Reading
Answer 08 Jun 2018

How can companies protect against ransomware in the cloud?

When it comes to ransomware attacks, cloud storage is not foolproof. CyberSight's Hyder Rabbani offers tips about how to address cloud ransomware threats. Continue Reading
News 31 May 2018

Enterprise cybersecurity strategy: What a CIO needs to know

Digital transformation is leaving businesses exposed to more cyberattacks. At the MIT Sloan CIO Symposium, panelists explain how much cybersecurity expertise is expected of CIOs. Continue Reading
Tip 31 May 2018

GDPR and AI: Data collection documentation essential to compliance

It's important to remember that artificial intelligence data and AI algorithms must hold up against GDPR regulations. Here's where GDPR and AI intersect and what CIOs can do to remain compliant. Continue Reading
Feature 29 May 2018

Enterprise data encryption: Preparing for a post-quantum future

With the race toward quantum computing underway, interest in post-quantum encryption is growing. ISACA's Rob Clyde explains how CIOs and CISOs can get up to speed. Continue Reading
Feature 29 May 2018

The time to think about post-quantum cryptography is now

Rob Clyde, chairman-elect of ISACA's board of directors, worries a lot about the world according to qubits. He explains why here -- and why post-quantum cryptography should matter to CIOs. Continue Reading
Feature 21 May 2018

CISO careers: Several factors propel high turnover

The average CISO tenure is approximately 24 to 48 months. Kudelski Security's John Hellickson discusses factors driving the high turnover rate and how to improve job satisfaction. Continue Reading
Feature 14 May 2018

CISO soft skills in demand as position evolves into leadership role

Cybersecurity industry veteran Joan Pepin discusses how the evolution of the CISO role has made soft skills essential to thrive in the information security field. Continue Reading
News 11 May 2018

Force multipliers in cybersecurity: Augmenting your security workforce

During his RSA conference keynote, IBM Security's van Zadelhoff highlighted cybersecurity's top three force multipliers and explained best practices to deploy them. Continue Reading
Feature 09 May 2018

CISO: Data integrity and confidentiality are 'pillars' of cybersecurity

When it comes to protecting online info, one cybersecurity veteran says the role of a CISO is to first incorporate processes that maintain data integrity and confidentiality. Continue Reading
News 04 May 2018

Corporate IT rebrands its modern role: Reduce complexity

The days of corporate IT as a back-end function with its practitioners relegated to the basement are long over. But IT strategy in 2018 has its own host of challenges. Continue Reading
News 30 Apr 2018

Security awareness programs that work against human nature will fail

Security awareness programs should take into account that humans are basically 'lazy, social, creatures of habit,' said KnowBe4's Perry Carpenter at the CIO Boston Summit. Here are three tips. Continue Reading
News 30 Apr 2018

Top 2018 cybersecurity trends to watch out for

A glance at IT news shows cybersecurity trends remain on companies' radar. At the CIO Boston Summit, Cybereason's Jessica Stanford discussed steps to defend against risk. Continue Reading
Blog Post 27 Apr 2018

Vulnerability management programs need an upgrade for the cloud era

Gone are the days of simple, easily secured corporate networks. The proliferation of cloud computing, virtualization and containers means that the network is changing constantly, said Nate Palanov, ... Continue Reading
News 20 Apr 2018

Juniper CEO Rahim stresses cybersecurity training, automation at RSA 2018

During his RSA Conference keynote, Juniper CEO Rami Rahim encouraged leaders to be "agents of change" that embrace automation in cybersecurity and new training techniques. Continue Reading
Feature 17 Apr 2018

Tackling security debt: The role of risk register, patch management

In this Q&A, Akamai's Dave Lewis offers pointers on how to address security debt and also discusses how organizations can avoid incurring such debt. Continue Reading
Feature 13 Apr 2018

Lacking data management processes holds back digital business

The business fallout of poor data management processes goes well beyond security and privacy implications. Evident IT CEO David Thomas explains in this SearchCompliance Q&A. Continue Reading
Answer 11 Apr 2018

How do attackers build and use phishing kits?

With attackers looking to maximize their ROI, they are employing what is called a phishing kit to run scam campaigns. In this Ask the Expert, learn how such kits are built. Continue Reading
Feature 06 Apr 2018

Crypto-agility: Strategies and best practices to get there

Staying crypto-agile is vital for data security. Venafi's Paul Turner discusses how to establish crypto-agility and the need for creating an inventory of cryptographic assets. Continue Reading
Blog Post 30 Mar 2018

Cyber awareness program: How one CISO became a believer

It took a nation-state attack for Alan Levine to realize the importance of implementing a cyber awareness program. "I believed that cyber awareness training was useless because I believed my users ... Continue Reading
Tip 30 Mar 2018

How to overcome multi-cloud disaster recovery challenges

As multi-cloud environments proliferate, data backup and recovery tech is essential. Here's how to assess enterprise multi-cloud disaster recovery capabilities -- and limitations. Continue Reading
Feature 30 Mar 2018

FAQ: How is digitization influencing SEC compliance priorities?

As online trading and digital finance becomes the norm, updated SEC compliance regulations target these transactions in an effort to improve digital asset security. Continue Reading
Feature 29 Mar 2018

From phishing attempt circumvention to AI, new CIO has a big job

As the new CIO at Snow Software, Alastair Pooley is taking on a range of priorities, from helping the business to recognize a phishing attempt to exploring AI for customer support. Continue Reading
News 27 Mar 2018

MIT: Energy-efficient chip improves IoT encryption, authentication

MIT researchers have developed an energy-efficient, hard-wired chip that they say will benefit IoT encryption and ease authentication processes in the IoT environment. Continue Reading
Feature 23 Mar 2018

Cybersecurity skills gap: Get creative about cyber hiring

Hiring candidates from disciplines beyond infosec can go a long way to address the widening cybersecurity skills gap, says industry veteran Javvad Malik. Continue Reading
Answer 20 Mar 2018

How can the CISO become a business enabler?

For a cybersecurity program to be effective, CISOs must be viewed as business enablers. Kudelski Security's John Hellickson offers tips on how CISOs can make the transformation. Continue Reading
Feature 19 Mar 2018

Cybersecurity trend forecast: Streamlined, simplified security

In this SearchCIO Q&A, Javvad Malik discusses why streamlining infosec processes is becoming a top cybersecurity trend and how new tech influences the infosec industry. Continue Reading
News 16 Mar 2018

Ex-Equifax CIO's insider trading indictment a red flag for IT execs

A former Equifax CIO has been indicted for insider trading following the company's 2017 data breach. Will it force IT execs to reexamine the importance of proper breach response? Continue Reading
Blog Post 15 Mar 2018

AI's exponential curve: More from my interview with ISACA's Rob Clyde

I recently talked about the use of AI in the enterprise with Rob Clyde, vice chairman of the board of directors at ISACA, an organization focused on IT governance. The conversation focused on a new ... Continue Reading
News 15 Mar 2018

ISACA: Build security into artificial intelligence hardware

A new paper on how to fight off malicious AI recommends adding security features to AI chips. ISACA's Rob Clyde explains why that's a good idea. Continue Reading
News 15 Mar 2018

Companies ill-equipped to combat malicious AI

Companies are on the precipice of being attacked by malicious AI but lack the skills and tools needed to put up a basic defense, according to ISACA's Rob Clyde. Continue Reading
News 06 Mar 2018

IBM's cloud strategy homes in on developers

To boost its profile in IaaS, IBM's cloud strategy has shifted focus from CIOs to developers. Whether the multipronged appeal to developers will pan out remains an open question. Continue Reading
Blog Post 28 Feb 2018

Quest for resilience turns up ransomware backup strategy

Waste Industries found an unexpected benefit in a software project that aimed to make data always available: a ransomware backup strategy. Continue Reading
Blog Post 28 Feb 2018

AI attacks are coming soon to a network near you

The rapid development of artificial intelligence and machine learning is a double-edged sword. The technologies are becoming cheaper and easier to apply to the enterprise, which is also making it ... Continue Reading
Blog Post 28 Feb 2018

Unlockable iPhones, leaked code among Apple's security woes

Security on Apple devices might not be as impenetrable as many thought. Forbes reported this week that Cellebrite, an Israel-based vendor and major U.S. government contractor, is now able to unlock ... Continue Reading
Blog Post 28 Feb 2018

Survey: Attorneys still lack proficiency in e-discovery technology

E-discovery technology has become an integral -- and essential -- element of the modern legal process, but a new report suggests attorneys are still struggling to embrace the technology. A survey ... Continue Reading
Feature 28 Feb 2018

New tech creates new attack vectors, cybersecurity vulnerabilities

CISO John Germain explains how tech like AI and IoT are revolutionizing business -- and creating new cybersecurity vulnerabilities as data protection is left on the back burner. Continue Reading
Answer 28 Feb 2018

Is end user training essential to data loss prevention program success?

Regulations like the GDPR promise to enforce stricter data protection rules. While a data loss prevention program can help, it requires end-user training to ease adoption. Continue Reading
News 27 Feb 2018

DLP implementation: Partner with the business for success

Data loss prevention strategies help prevent unauthorized disclosure of sensitive information. For a DLP strategy to be successful, however, business-wide buy-in is required. Continue Reading
Feature 27 Feb 2018

Tech, growing data sets complicate enterprise cybersecurity strategy

Emerging tech has grown companies' data sets and made IT environments increasingly complex. As IT capabilities evolve, enterprise cybersecurity strategy is struggling to keep up. Continue Reading
Blog Post 26 Feb 2018

DTIM platform: New weapon against digital threats?

Digital threats pose a big challenge for organizations today, and cybercrime groups are only getting better at achieving their goals: In 2016, nearly one billion personal records and over one ... Continue Reading
Feature 23 Feb 2018

Cybersecurity's shortage of skills leaves IT projects vulnerable

A recent study found that as IT projects proliferate, cybersecurity's shortage of skills is leaving tech vulnerable. Analyst and study author Jon Oltsik explains in this Q&A. Continue Reading
Podcast 23 Feb 2018

Relentless AI cyberattacks will require new protective measures

AI cyberattacks won't be particularly clever; instead, they'll be fast and fierce. Carnegie Mellon University's Jason Hong explains in this episode of 'Schooled in AI.' Continue Reading
Answer 22 Feb 2018

Tech vs. training: Where should business focus cybersecurity spending?

As information security budgets grow, cybersecurity spending needs to be focused on employee-centric areas like training to be effective. ISSA's Candy Alexander explains why. Continue Reading
News 19 Feb 2018

GRC professionals: Regs, big data, cloud top IT priorities 2018

Regulatory initiatives remain at the top of GRC pros' lists of tech projects, according to TechTarget's annual IT Priorities 2018 survey, but grab less attention than last year. Continue Reading
Tip 19 Feb 2018

How to prep for the GDPR breach notification rule

As companies prep for GDPR compliance, its breach notification rule is making waves. Csaba Krasznay, security evangelist at Balabit, discusses how to prep for Article 33 of GDPR. Continue Reading
News 16 Feb 2018

CISO responsibilities: Building a mission-based cybersecurity program

'Vanquish the enemy you can see ... then prepare for the next engagement.' Brooks Brothers' Phillip Miller gives fellow CISOs new ways to think about a cybersecurity program. Continue Reading
Blog Post 09 Feb 2018

Being Cyber Essentials certified will help prep for GDPR

With enforcement of the EU General Data Protection Regulation (GDPR) in the offing, organizations are busy preparing for a new era in privacy regulation. But UK companies that are Cyber Essentials ... Continue Reading
Tip 01 Feb 2018

RM principles should guide compliance management system development

Regulatory agencies offer broad guidance for compliance management system development, but companies may be best served by referring to widely accepted risk management principles. Continue Reading
News 31 Jan 2018

Law firm: Trump administration policies may reshape IT outsourcing

Trump administration policies on the H-1B visa program for foreign workers and 'political uncertainty' may accelerate the move to the cloud in 2018, a Mayer Brown attorney says. Continue Reading
News 31 Jan 2018

Ransomware outbreak threat calls for backup and DR strategy

IT departments deploy a range of data restore approaches to mitigate the risk of a debilitating ransomware attack. Time is of the essence, however. Continue Reading
News 30 Jan 2018

In 2018, legal tech trends attest to power of data

Data becomes paramount, worldwide laws may call for contractual changes and the demand for digital services is prompting a litigation shift, according to law firm Mayer Brown. Continue Reading
Tip 19 Jan 2018

IT areas of focus in 2018 include outcome-based security services, data lakes

Rahul Singh, managing director at IT outsourcing advisory Pace Harmon, dissects the 2018 trends in three important IT areas for CIOs. Continue Reading
Blog Post 15 Jan 2018

For CFOs, cybersecurity investments become a priority

Cybersecurity is no longer just an IT problem; it's a cross-functional priority for the enterprise. As cyberattacks and cyber risk continue to swell, the cybersecurity consciousness among the ... Continue Reading
Feature 14 Aug 2017

Mitigating security risks posed by emerging tech: Expert advice

Companies are in hot pursuit of the benefits offered by cutting-edge technologies, but mitigating security risks often gets scant attention. CIOs need to change that. Here's how. Continue Reading
News 28 Jul 2017

No code platform: Verité manages big projects via Quick Base

Verité, a non-profit organization focusing on labor conditions in international supply chains, turned to a no code product to boost efficiency and manage complex projects. Continue Reading
Tip 12 Jun 2017

Data asset curation: The guidelines to determine information usability

Keeping track of existing data assets is increasingly difficult, but detailed curation of this vital company information can help streamline evolving digital governance processes. Continue Reading
Video 25 Aug 2016

The difference between pipe and platform business models

Sangeet Paul Choudary, founder and CEO at advisory and research firm, Platformation Labs, explains the difference between platform business models and traditional pipe models. Continue Reading
Tip 03 Aug 2016

Aligning IT and compliance procedures increasingly a business priority

Companies' regulatory management and tech teams often still operate independently, but businesses are starting to recognize the benefits of IT and compliance procedure alignment. Continue Reading
Tip 28 Apr 2016

Without IT process documentation, companies risk being held 'hostage' by IT

As cybersecurity breaches surge, it's important that company leadership know what IT is up to. Kevin McDonald explains why IT process documentation is a must-have best practice. Continue Reading
Tip 08 Jan 2016

The steps to effective cybersecurity incident response

Planning and foresight are essential to any cybersecurity incident response plan. Follow these steps to make sure you're ready for a data breach. Continue Reading