Risk management and governance

With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.

Top Stories

News 01 Jun 2023
A look at 'risk of extinction from AI' statement

The statement equates the potential risk of human eradication from AI to that of nuclear war. However, some argue society should instead mitigate the existing risk of AI bias. Continue Reading
Feature 24 May 2023
What is the metaverse? An explanation and in-depth guide

The metaverse is described as the inevitable evolution of the internet. But what exactly is the metaverse, and what will it become? Learn what businesses need to know now. Continue Reading

News 20 Apr 2018

Juniper CEO Rahim stresses cybersecurity training, automation at RSA 2018

During his RSA Conference keynote, Juniper CEO Rami Rahim encouraged leaders to be "agents of change" that embrace automation in cybersecurity and new training techniques. Continue Reading
Feature 17 Apr 2018

Tackling security debt: The role of risk register, patch management

In this Q&A, Akamai's Dave Lewis offers pointers on how to address security debt and also discusses how organizations can avoid incurring such debt. Continue Reading
Feature 13 Apr 2018

Lacking data management processes holds back digital business

The business fallout of poor data management processes goes well beyond security and privacy implications. Evident IT CEO David Thomas explains in this SearchCompliance Q&A. Continue Reading
Answer 11 Apr 2018

How do attackers build and use phishing kits?

With attackers looking to maximize their ROI, they are employing what is called a phishing kit to run scam campaigns. In this Ask the Expert, learn how such kits are built. Continue Reading
Feature 06 Apr 2018

Crypto-agility: Strategies and best practices to get there

Staying crypto-agile is vital for data security. Venafi's Paul Turner discusses how to establish crypto-agility and the need for creating an inventory of cryptographic assets. Continue Reading
Blog Post 30 Mar 2018

Cyber awareness program: How one CISO became a believer

It took a nation-state attack for Alan Levine to realize the importance of implementing a cyber awareness program. "I believed that cyber awareness training was useless because I believed my users ... Continue Reading
Tip 30 Mar 2018

How to overcome multi-cloud disaster recovery challenges

As multi-cloud environments proliferate, data backup and recovery tech is essential. Here's how to assess enterprise multi-cloud disaster recovery capabilities -- and limitations. Continue Reading
Feature 30 Mar 2018

FAQ: How is digitization influencing SEC compliance priorities?

As online trading and digital finance becomes the norm, updated SEC compliance regulations target these transactions in an effort to improve digital asset security. Continue Reading
Feature 29 Mar 2018

From phishing attempt circumvention to AI, new CIO has a big job

As the new CIO at Snow Software, Alastair Pooley is taking on a range of priorities, from helping the business to recognize a phishing attempt to exploring AI for customer support. Continue Reading
News 27 Mar 2018

MIT: Energy-efficient chip improves IoT encryption, authentication

MIT researchers have developed an energy-efficient, hard-wired chip that they say will benefit IoT encryption and ease authentication processes in the IoT environment. Continue Reading
Feature 23 Mar 2018

Cybersecurity skills gap: Get creative about cyber hiring

Hiring candidates from disciplines beyond infosec can go a long way to address the widening cybersecurity skills gap, says industry veteran Javvad Malik. Continue Reading
Answer 20 Mar 2018

How can the CISO become a business enabler?

For a cybersecurity program to be effective, CISOs must be viewed as business enablers. Kudelski Security's John Hellickson offers tips on how CISOs can make the transformation. Continue Reading
Feature 19 Mar 2018

Cybersecurity trend forecast: Streamlined, simplified security

In this SearchCIO Q&A, Javvad Malik discusses why streamlining infosec processes is becoming a top cybersecurity trend and how new tech influences the infosec industry. Continue Reading
News 16 Mar 2018

Ex-Equifax CIO's insider trading indictment a red flag for IT execs

A former Equifax CIO has been indicted for insider trading following the company's 2017 data breach. Will it force IT execs to reexamine the importance of proper breach response? Continue Reading
Blog Post 15 Mar 2018

AI's exponential curve: More from my interview with ISACA's Rob Clyde

I recently talked about the use of AI in the enterprise with Rob Clyde, vice chairman of the board of directors at ISACA, an organization focused on IT governance. The conversation focused on a new ... Continue Reading
News 15 Mar 2018

ISACA: Build security into artificial intelligence hardware

A new paper on how to fight off malicious AI recommends adding security features to AI chips. ISACA's Rob Clyde explains why that's a good idea. Continue Reading
News 15 Mar 2018

Companies ill-equipped to combat malicious AI

Companies are on the precipice of being attacked by malicious AI but lack the skills and tools needed to put up a basic defense, according to ISACA's Rob Clyde. Continue Reading
News 06 Mar 2018

IBM's cloud strategy homes in on developers

To boost its profile in IaaS, IBM's cloud strategy has shifted focus from CIOs to developers. Whether the multipronged appeal to developers will pan out remains an open question. Continue Reading
Blog Post 28 Feb 2018

Quest for resilience turns up ransomware backup strategy

Waste Industries found an unexpected benefit in a software project that aimed to make data always available: a ransomware backup strategy. Continue Reading
Blog Post 28 Feb 2018

AI attacks are coming soon to a network near you

The rapid development of artificial intelligence and machine learning is a double-edged sword. The technologies are becoming cheaper and easier to apply to the enterprise, which is also making it ... Continue Reading
Blog Post 28 Feb 2018

Unlockable iPhones, leaked code among Apple's security woes

Security on Apple devices might not be as impenetrable as many thought. Forbes reported this week that Cellebrite, an Israel-based vendor and major U.S. government contractor, is now able to unlock ... Continue Reading
Blog Post 28 Feb 2018

Survey: Attorneys still lack proficiency in e-discovery technology

E-discovery technology has become an integral -- and essential -- element of the modern legal process, but a new report suggests attorneys are still struggling to embrace the technology. A survey ... Continue Reading
Feature 28 Feb 2018

New tech creates new attack vectors, cybersecurity vulnerabilities

CISO John Germain explains how tech like AI and IoT are revolutionizing business -- and creating new cybersecurity vulnerabilities as data protection is left on the back burner. Continue Reading
Answer 28 Feb 2018

Is end user training essential to data loss prevention program success?

Regulations like the GDPR promise to enforce stricter data protection rules. While a data loss prevention program can help, it requires end-user training to ease adoption. Continue Reading
News 27 Feb 2018

DLP implementation: Partner with the business for success

Data loss prevention strategies help prevent unauthorized disclosure of sensitive information. For a DLP strategy to be successful, however, business-wide buy-in is required. Continue Reading
Feature 27 Feb 2018

Tech, growing data sets complicate enterprise cybersecurity strategy

Emerging tech has grown companies' data sets and made IT environments increasingly complex. As IT capabilities evolve, enterprise cybersecurity strategy is struggling to keep up. Continue Reading
Blog Post 26 Feb 2018

DTIM platform: New weapon against digital threats?

Digital threats pose a big challenge for organizations today, and cybercrime groups are only getting better at achieving their goals: In 2016, nearly one billion personal records and over one ... Continue Reading
Feature 23 Feb 2018

Cybersecurity's shortage of skills leaves IT projects vulnerable

A recent study found that as IT projects proliferate, cybersecurity's shortage of skills is leaving tech vulnerable. Analyst and study author Jon Oltsik explains in this Q&A. Continue Reading
Podcast 23 Feb 2018

Relentless AI cyberattacks will require new protective measures

AI cyberattacks won't be particularly clever; instead, they'll be fast and fierce. Carnegie Mellon University's Jason Hong explains in this episode of 'Schooled in AI.' Continue Reading
Answer 22 Feb 2018

Tech vs. training: Where should business focus cybersecurity spending?

As information security budgets grow, cybersecurity spending needs to be focused on employee-centric areas like training to be effective. ISSA's Candy Alexander explains why. Continue Reading
News 19 Feb 2018

GRC professionals: Regs, big data, cloud top IT priorities 2018

Regulatory initiatives remain at the top of GRC pros' lists of tech projects, according to TechTarget's annual IT Priorities 2018 survey, but grab less attention than last year. Continue Reading
Tip 19 Feb 2018

How to prep for the GDPR breach notification rule

As companies prep for GDPR compliance, its breach notification rule is making waves. Csaba Krasznay, security evangelist at Balabit, discusses how to prep for Article 33 of GDPR. Continue Reading
News 16 Feb 2018

CISO responsibilities: Building a mission-based cybersecurity program

'Vanquish the enemy you can see ... then prepare for the next engagement.' Brooks Brothers' Phillip Miller gives fellow CISOs new ways to think about a cybersecurity program. Continue Reading
Blog Post 09 Feb 2018

Being Cyber Essentials certified will help prep for GDPR

With enforcement of the EU General Data Protection Regulation (GDPR) in the offing, organizations are busy preparing for a new era in privacy regulation. But UK companies that are Cyber Essentials ... Continue Reading
Tip 01 Feb 2018

RM principles should guide compliance management system development

Regulatory agencies offer broad guidance for compliance management system development, but companies may be best served by referring to widely accepted risk management principles. Continue Reading
News 31 Jan 2018

Law firm: Trump administration policies may reshape IT outsourcing

Trump administration policies on the H-1B visa program for foreign workers and 'political uncertainty' may accelerate the move to the cloud in 2018, a Mayer Brown attorney says. Continue Reading
News 31 Jan 2018

Ransomware outbreak threat calls for backup and DR strategy

IT departments deploy a range of data restore approaches to mitigate the risk of a debilitating ransomware attack. Time is of the essence, however. Continue Reading
News 30 Jan 2018

In 2018, legal tech trends attest to power of data

Data becomes paramount, worldwide laws may call for contractual changes and the demand for digital services is prompting a litigation shift, according to law firm Mayer Brown. Continue Reading
Tip 19 Jan 2018

IT areas of focus in 2018 include outcome-based security services, data lakes

Rahul Singh, managing director at IT outsourcing advisory Pace Harmon, dissects the 2018 trends in three important IT areas for CIOs. Continue Reading
Blog Post 15 Jan 2018

For CFOs, cybersecurity investments become a priority

Cybersecurity is no longer just an IT problem; it's a cross-functional priority for the enterprise. As cyberattacks and cyber risk continue to swell, the cybersecurity consciousness among the ... Continue Reading
Feature 14 Aug 2017

Mitigating security risks posed by emerging tech: Expert advice

Companies are in hot pursuit of the benefits offered by cutting-edge technologies, but mitigating security risks often gets scant attention. CIOs need to change that. Here's how. Continue Reading
News 28 Jul 2017

No code platform: Verité manages big projects via Quick Base

Verité, a non-profit organization focusing on labor conditions in international supply chains, turned to a no code product to boost efficiency and manage complex projects. Continue Reading
Tip 12 Jun 2017

Data asset curation: The guidelines to determine information usability

Keeping track of existing data assets is increasingly difficult, but detailed curation of this vital company information can help streamline evolving digital governance processes. Continue Reading
Video 25 Aug 2016

The difference between pipe and platform business models

Sangeet Paul Choudary, founder and CEO at advisory and research firm, Platformation Labs, explains the difference between platform business models and traditional pipe models. Continue Reading
Tip 03 Aug 2016

Aligning IT and compliance procedures increasingly a business priority

Companies' regulatory management and tech teams often still operate independently, but businesses are starting to recognize the benefits of IT and compliance procedure alignment. Continue Reading
Tip 28 Apr 2016

Without IT process documentation, companies risk being held 'hostage' by IT

As cybersecurity breaches surge, it's important that company leadership know what IT is up to. Kevin McDonald explains why IT process documentation is a must-have best practice. Continue Reading
Tip 08 Jan 2016

The steps to effective cybersecurity incident response

Planning and foresight are essential to any cybersecurity incident response plan. Follow these steps to make sure you're ready for a data breach. Continue Reading
Tip 07 Jan 2016

How to test your DR/BC plan

Woe to the IT organization that hasn't taken its DR/BC plan out for a spin. The right kind of testing will close the gaps and save IT and the business a lot of grief. Continue Reading
Tip 29 Sep 2015

How to govern your IT outsourcing provider after the ITO deal is done

The best ITO deals need tweaking as time goes on. Good governance ensures that you and your IT outsourcing provider are on the same page. Continue Reading
Tip 10 Mar 2015

Staff shortage impacted by security and compliance skills demand

The data threat landscape has forced companies to rethink hiring processes before a staff shortage negatively impacts security and compliance. Continue Reading
Tip 03 Oct 2014

SOX compliance reliant on data governance strategy, with IT support

SOX compliance hinges on an effective data governance strategy, but much needed help is available from information technology tools and processes. Continue Reading
News 31 Jul 2014

The benefits and drawbacks of regulatory compliance automation

Increasingly complicated compliance mandates have led some businesses to implement automated processes to save resources. Participants in July's #GRCChat said compliance automation can assist data management, but also warned of unintended consequences. Continue Reading
News 24 Jul 2014

What to include in a post-DR-test after-action review

What should go into your organization's after-action review following a disaster recovery test? #CIOChat participants suggest what to include in the report and why. Continue Reading
Tip 09 Jul 2014

Three steps to keep IT policies and procedures regulatory compliant

Corporate compliance and risk management expert Jeffrey Jenkins shares how he ensures IT policies and procedures remain in sync with current compliance regulations. Continue Reading
Feature 24 Jun 2014

Can automated segregation of duties benefit regulatory compliance?

In this feature, Michael Rasmussen explains why automated SoD reduces compliance costs as well as the potential for fraud and lawsuits. Continue Reading
Tip 18 Nov 2013

Preparation underway for Dodd-Frank conflict mineral disclosures

Dodd-Frank conflict mineral provisions create new disclosure rules for public companies. In this tip, learn how to prepare for the regulations. Continue Reading
Tip 13 Nov 2013

CIO tip: Learn how to present a risk-management plan to the board

CIO tip: Companies are getting serious about risk management plans -- and leaning on CIOs to help them. Continue Reading
Tip 22 Oct 2013

Three strategies to align organizational compliance and security goals

Compliance and security departments sometimes have an adversarial relationship, but organizations can benefit from aligning their strategic goals. Continue Reading
Feature 30 Jul 2013

All aboard: CIO wins the battle, initiates centralized IT organization

Our SearchCIO IT Leader of the Year Award winner, CIO Eric Hawley, explains how he built a centralized IT environment -- starting with listening. Continue Reading
Opinion 12 Jun 2013

The GRC maturity model and value proposition

In this CIO Matters column, Harvey Koeppel takes a look at the GRC maturity model and how CIOs can turn risk management into business value. Continue Reading
Tip 28 Feb 2013

Four steps to defining and articulating the role of risk management

Risk management programs are under pressure from all quarters. Here are four steps to defining and articulating the role of risk management. Continue Reading
Tip 01 Nov 2012

Free IT organizational structure chart templates for the CIO

Use these free IT organizational structure chart templates to illustrate the relationships and hierarchy between various IT roles in your enterprise. Continue Reading
News 23 Apr 2012

ISACA: Update to COBIT 5 governance framework maximizes IT assets

ISACA’s update to its popular COBIT 5 framework incorporates a business-wide approach the organization says helps enterprises maximize their information and technology assets. Continue Reading
Tip 16 Mar 2012

Five tips to help guide green compliance at your organization

As more industries push for environmentally friendly processes, green compliance is a major concern. Here are tips to help incorporate the right green IT practices at your organization. Continue Reading
Tip 02 Mar 2012

Is your SaaS system in line with SOX compliance requirements?

A SaaS vendor can provide many benefits, but adhering to SOX compliance requirements remains a concern. Here’s help to stay compliant when using Software as a Service. Continue Reading
Tutorial 03 Oct 2011

FAQ: Four criteria for an effective IT innovation strategy

In this FAQ, IT executives share four ways to kick-start and manage an IT innovation strategy that drives business value and transformation. Continue Reading
Tip 16 Aug 2011

How protecting against the OWASP Top 10 helps prevent compliance risk

Mapping security processes to protect against the OWASP Top 10 could ease Web application vulnerabilities and help some companies stay compliant. Continue Reading
Quiz 15 Aug 2011

Test your social media risk management IQ: A SearchCompliance.com quiz

Proliferating social networks have cast a spotlight on social media risk management. Take our quiz to find out if you are up to speed on social media. Continue Reading
Tip 28 Apr 2011

How GRC, sustainability and CSR relate to one another

How your organization determines the relationships among GRC, sustainability and CSR depends on the context of each item -- and is dependent on management's goals. Continue Reading
Tip 10 Dec 2010

AML compliance and money service businesses

Money service businesses are a growing part of the financial services industry but compliance with anti-money regulations is critical. Continue Reading
Feature 17 Jun 2010

FAQ: GARP and how it helps you achieve better information governance

Many organizations do not have an information governance structure that works with defined record-keeping principles that ensures accountability. GARP may be your answer. Continue Reading
Tip 06 Oct 2009

Threat management for information systems relies on categorization

Every information system faces threats, but not all threats should be treated equally. ISO 27005 offers a guide on how to categorize threats to your organization. Continue Reading
News 06 Oct 2009

GPS devices, geolocation data create privacy, security risks

Emerging technologies that allow users to broadcast geographic locations raise many issues for companies, CIOs, while legislatures and the FTC consider legal aspects. Continue Reading
Tip 01 Oct 2009

HIPAA-covered entities' first step should be a quality assurance plan

HIPAA-covered entities must leverage or install a good QA team, an effort that should be driven from the top down and be part of the strategic plan of the technology organization. Continue Reading
Feature 22 Jun 2009

Chapter excerpt: Decision-making processes and IT governance

Find out how sound decision-making processes form the foundation of IT governance policies by allocating decision rights and accountability. Continue Reading
News 19 Jun 2009

Twitter security risks, popularity spark regulatory concerns

Twitter can be used for social good, business and journalism, but the potential for exploitation by cybercriminals and noncompliance with regulatory requirements is real and growing. Continue Reading
Tip 09 Jun 2009

How AML compliance applies to remote deposit capture

Financial institutions rushing to deploy remote deposit capture (RDC) need to consider how the Bank Secrecy Act and anti-money laundering regulations apply to the technology. In this tip, Dan Fisher explains what measures institutions need to take to ensure compliance with BSA/AML laws in their RDC implementations. Continue Reading
Tip 19 May 2009

Why it may not be ideal for your lawyer to be your compliance officer

While lawyers bring a certain expertise to the table, business leaders need a broader range of technical, security and communications skills in their compliance officers. Continue Reading