Risk management and governance
With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.
Top Stories
-
Tip
25 Mar 2024
Metaverse pros and cons: Top benefits and challenges
Lifelike experiences and new business opportunities are among the potential benefits of the still-developing metaverse. Drawbacks include privacy violations and addiction. Continue Reading
-
Feature
22 Mar 2024
What is the metaverse? An explanation and in-depth guide
The metaverse reached the peak of hype and has been left for dead, but make no mistake, the technologies that will power this 3D internet are firing on all cylinders. Continue Reading
-
News
22 Jun 2022
Senate bill a step forward for cryptocurrency regulation
A bipartisan cryptocurrency regulation bill gives the digital assets market much-needed definitions that will enable a regulatory framework to fall into place, experts say. Continue Reading
-
Definition
22 Jun 2022
information technology (IT) director
An information technology (IT) director is the person in charge of technology within an organization. IT directors manage technology resources and employees to ensure that IT operations run smoothly. Continue Reading
-
News
17 Jun 2022
Experts debate antitrust law enforcement benefits
Experts debate whether antitrust law enforcement should go beyond promoting competition and focus on other factors. Continue Reading
-
News
16 Jun 2022
U.S. senator highlights role of antitrust lawsuits, reform
During the American Antitrust Institute's annual conference, Sen. Richard Blumenthal spoke on the importance of antitrust law for reining in big tech. Continue Reading
-
Tip
14 Jun 2022
How to create a proof of concept with 6 free templates
What is a proof of concept and how does it help an organization? Here we dive into the importance of writing a POC and provide a list of free templates to help get you started. Continue Reading
-
News
10 Jun 2022
To secure supply chain, US needs semiconductor chip sites
To make U.S. semiconductor chip fabrication facilities successful long-term, experts say chip buyers such as Apple need to be included at the table during the planning process. Continue Reading
-
Tip
10 Jun 2022
15 tips for delivering a successful presentation to the board
What do you do when everyone thinks they're the smartest person in the room, and all of them are counting on you for answers? Here's how to give a presentation to the board. Continue Reading
-
Definition
09 Jun 2022
regulatory compliance
Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business processes. Continue Reading
-
News
08 Jun 2022
Texas social media law brings content debate to Supreme Court
The Supreme Court recently blocked a Texas social media law that would have limited content removal, but that's likely not the end of the court's involvement on the issue. Continue Reading
-
Feature
03 Jun 2022
What is IT-business alignment and why is it important?
It's more important than ever that IT and the business operate from the same playbook. So why do so many organizations struggle to achieve IT-business alignment? Continue Reading
-
News
24 May 2022
MIT Sloan panelists urge cyber resilience focus
Enterprises must prepare for cyber-adversity, think beyond protection, establish lines of communication -- and learn to take a punch, according to security executives. Continue Reading
-
Tip
24 May 2022
CIO career path: How to become a CIO
The career path to becoming a CIO has evolved as the role has become increasingly critical to business success. Find out how to become a CIO and what the job entails. Continue Reading
-
Definition
23 May 2022
e-business (electronic business)
E-business (electronic business) is the conduct of business processes on the internet. Continue Reading
-
Definition
23 May 2022
business resilience
Business resilience is the ability an organization has to quickly adapt to disruptions while maintaining continuous business operations and safeguarding people, assets and overall brand equity. Continue Reading
-
Tip
20 May 2022
8 free IT strategic planning templates and examples for CIOs
As technology becomes a business differentiator, a well-thought-out IT strategy plan is more crucial than ever. These IT strategy templates help CIOs make IT a business driver. Continue Reading
-
News
20 May 2022
In wake of crash, cryptocurrency regulation focus heightens
The recent crash of TerraUSD, a stablecoin that is a type of cryptocurrency, could rouse further regulatory scrutiny. Continue Reading
-
News
19 May 2022
CEOs name environmental sustainability a top business focus
Businesses are increasingly focused on their environmental sustainability efforts, as investors, customers and regulators drive sustainability prioritization. Continue Reading
-
News
19 May 2022
DHS pauses newly created Disinformation Governance Board
Concerns about the spread of disinformation prompted DHS to create the Disinformation Governance Board, which was immediately met with criticism from Republican lawmakers. Continue Reading
-
News
17 May 2022
MIT-CIO event explores pandemic's effect on digital ecosystems
Allan Tate, executive chair of the MIT Sloan CIO Symposium, lays out the big idea of the 2022 conference and explains how the event itself reflects its relevance. Continue Reading
-
News
13 May 2022
Policymaker proposes commission to oversee digital platforms
The proposed Federal Digital Platform Commission would oversee tech giants and could impose penalties and conduct investigations into bad conduct. Not everyone thinks it will work. Continue Reading
-
News
13 May 2022
Roe v. Wade reversal could hinder data privacy rights
Tech companies could start feeling pressure from consumers to limit data collection should Roe v. Wade be overturned. Continue Reading
-
Tip
13 May 2022
CIO vs. CTO: Key differences in roles and responsibilities
CIOs and CTOs both play a valuable role in a company's technology strategy, but their focus and responsibilities are different. Learn more. Continue Reading
-
Definition
12 May 2022
consumerization of IT
The consumerization of IT refers to how software and hardware products designed for personal use migrated into the enterprise and were used for work purposes. Continue Reading
-
News
12 May 2022
MIT Sloan innovation startups pursue AI at scale
Modzy and Snowplow are among the early-stage companies aiming to move AI from science project to enterprise asset. Success will let businesses reap the benefits of the technology. Continue Reading
-
News
05 May 2022
CIOs need to balance tech with business sustainability
As CIOs consider new technologies to help reach business sustainability goals, investors also want to see the right governance in place when it comes to climate risk management. Continue Reading
-
Definition
03 May 2022
change management
Change management is a systematic approach to dealing with the transition or transformation of an organization's goals, processes or technologies. Continue Reading
-
Tip
29 Apr 2022
6 information governance best practices
An information governance plan ensures that an organization's content lifecycle meets compliance and business needs. Best practices can help organizations craft an effective plan. Continue Reading
-
Definition
28 Apr 2022
business transformation
Business transformation is a term used to describe what happens when a company makes fundamental changes to how it operates. Continue Reading
-
News
27 Apr 2022
Elon Musk poised to disrupt social media industry
Elon Musk could disrupt the social media industry with his purchase of Twitter and move the company away from social media's traditional reliance on advertising revenue. Continue Reading
-
Feature
27 Apr 2022
Bolstered BPMN standard is core of new BPM+ ecosystem
BPMN, now part of the expansive BPM+ ecosystem, has been updated with new capabilities to handle complex business processes and the use of advanced technologies. Continue Reading
-
News
22 Apr 2022
Digital humanism aims to balance human needs, emerging tech
Digital humanism is an approach to designing a digital future with human values and needs in mind, a concept arriving in response to the unchecked power of digital platforms. Continue Reading
-
News
15 Apr 2022
SEC chair touts benefits of climate risk disclosure rule
Interested parties are weighing in on the SEC's proposed climate risk disclosure rule, which is available for comment until May 20. Continue Reading
-
News
15 Apr 2022
Tech giants balk at competition bill, Digital Markets Act
The EU has already reached an agreement on its Digital Markets Act, which would open tech giants' tightly controlled app stores and platforms to third parties. Continue Reading
-
Feature
14 Apr 2022
Study attests: Cloud apps, remote users add to data loss
A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic. Continue Reading
-
News
07 Apr 2022
Long, costly road ahead for FTC antitrust case against Meta
The Federal Trade Commission's antitrust case against Meta is relying on the argument that past acquisitions helped Meta maintain its dominance in the social media market. Continue Reading
-
Definition
05 Apr 2022
digital enterprise
A digital enterprise is an organization that uses technology as a competitive advantage in its internal and external operations. Continue Reading
-
Definition
05 Apr 2022
SOC 1 (System and Organization Controls 1)
System and Organization Controls 1, or SOC 1 (pronounced "sock one"), aims to control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity's financial statements. Continue Reading
-
News
31 Mar 2022
Tech companies in Ukraine open economic front in Russian war
Developers and engineers serve as an economic bulwark in the country's battle for survival. The regional reshuffling of talent, meanwhile, could spell higher costs for IT buyers. Continue Reading
-
News
24 Mar 2022
SEC's proposed climate rule a game-changer for sustainability
Experts are praising the SEC's newly proposed climate risk disclosure rule, which would require businesses to bake climate risk into their overall risk management plans. Continue Reading
-
News
23 Mar 2022
Metaverse platforms offer opportunity and risk for CIOs
Accenture's recent Technology Vision event underscored the transformational possibilities of virtual worlds, but also pointed to security and safety challenges. Continue Reading
-
Definition
21 Mar 2022
Sarbanes-Oxley Act (SOX) Section 404
Sarbanes-Oxley Act (SOX) Section 404 mandates that all publicly traded companies must establish internal controls and procedures for financial reporting and must document, test, and maintain those controls and procedures to ensure their effectiveness. Continue Reading
-
Definition
21 Mar 2022
COPPA (Children's Online Privacy Protection Act)
The Children's Online Privacy Protection Act of 1998 (COPPA) is a federal law that imposes specific requirements on operators of websites and online services to protect the privacy of children under 13. Continue Reading
-
Definition
15 Mar 2022
Chief Technology Officer (CTO)
The chief technology officer (CTO) is the individual within an organization who oversees the current technology and creates relevant policy. Continue Reading
-
News
07 Mar 2022
US awaits bill boosting technology competition with China
China's investments in tech have spurred the U.S. to take action with a U.S. technology competition bill funneling billions into tech innovation and development. Continue Reading
-
News
04 Mar 2022
Russian sanctions prompt tech to stop sales, curb services
At the urging of Ukraine's Vice Prime Minister Mykhailo Fedorov and economic sanctions, companies including Apple, Google and Microsoft have limited business operations in Russia. Continue Reading
-
Definition
02 Mar 2022
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America. Continue Reading
-
News
25 Feb 2022
Sanctions cost Russia US tech, and that may hurt
The U.S. has issued sanctions against Russia for its military invasion of Ukraine, which could face devastating IT service delivery disruption if the conflict continues. Continue Reading
-
News
16 Feb 2022
Proposal for federal tech policy focuses on privacy, security
The Future of Tech Commission wants the federal government to initiate a coordinated effort to address issues like data privacy and competition. Continue Reading
-
News
11 Feb 2022
House bill tracks foreign investment in U.S. mergers
The Foreign Merger Subsidy Disclosure Act would allow federal antitrust enforcement agencies to track foreign government investment behind U.S. business mergers. Continue Reading
-
News
08 Feb 2022
Federal regulatory efforts could affect VR, metaverse
Although Congress isn't looking to regulate VR or the metaverse yet, its efforts on antitrust and data privacy could have impacts down the road. Continue Reading
-
News
07 Feb 2022
IRS drops facial recognition plans after criticism
The agency said it will no longer require taxpayers to use a third-party website to authenticate identity and will develop its own tools to boost security and prevent fraud. Continue Reading
-
News
02 Feb 2022
Federal data privacy law efforts fizzle
As Congress shifts to antitrust enforcement, the momentum behind creating a federal data privacy law is waning. The states, meanwhile, are adopting privacy laws. Continue Reading
-
Definition
24 Jan 2022
Ethereum
Ethereum is an open source, distributed software platform based on blockchain technology. Continue Reading
-
News
18 Jan 2022
FTC, DOJ seek public input on merger guidelines
The FTC and DOJ want public input on the government's merger guidelines, used to challenge potentially anticompetitive mergers. The agencies believe the rules are out of date and ineffective. Continue Reading
-
Tip
22 Dec 2021
Cybersecurity asset management takes ITAM to the next level
Security pros need to focus on cybersecurity asset management for devices, services and the vendors that can help. Use our checklist to find out how and where to start. Continue Reading
-
Definition
28 Oct 2021
COSO Framework
The COSO Framework is a system used to establish internal controls to be integrated into business processes. Continue Reading
-
News
27 Oct 2021
Senators push for more online child privacy protections
U.S. senators expressed frustration with social media giants for not supporting specific legislation enhancing child privacy protections online. Continue Reading
-
Feature
18 Oct 2021
Litigants face tough road with antitrust lawsuits
As big tech companies like Google and Facebook fight antitrust lawsuits in court, experts are divided on whether core antitrust laws need updating for the modern economy. Continue Reading
-
Tip
12 Oct 2021
How to evaluate and select GRC vendors and tools
There is a variety of governance, risk and compliance software on the market. Learn about some of the available products and how best to evaluate GRC tools and vendors. Continue Reading
-
Feature
12 Oct 2021
Implementing an enterprise risk management framework
A well-designed ERM framework provides a playbook to avert corporate disasters, generate competitive advantages and create business opportunities. Continue Reading
-
Definition
07 Oct 2021
chief trust officer
A chief trust officer in the IT industry is an executive job title given to the person responsible for building confidence around the use of customer information. Continue Reading
-
News
30 Sep 2021
Differing data privacy policies challenge EU, US tech council
The EU-U.S. Trade and Technology Council plans to develop standards, address supply chain issues and define approaches to data governance, but the road ahead could be a bumpy one. Continue Reading
-
Guest Post
11 Aug 2021
IoT legislation device manufacturers need to know about
To avoid penalties and meet government agency requirements, IoT device manufacturers must adhere to new standards and regulations. Learn the latest here. Continue Reading
-
News
06 Aug 2021
Amazon GDPR fine signals expansion of regulatory focus
Amazon's $887 million GDPR fine likely stems from consumer consent and may indicate the EU is moving beyond data breaches and zeroing in on data practices. Continue Reading
-
Definition
17 Jun 2021
Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways financial institutions deal with the private information of individuals. Continue Reading
-
News
14 Jun 2021
Federal data privacy legislation could benefit U.S. economy
Data privacy laws are becoming part of a 'modern economy,' according to Google's Kate Charlet, director for data governance. Continue Reading
-
Tip
24 May 2021
An adequacy audit checklist to assess project performance
Adequacy audits are conducted to assess the efficacy of IT system controls and identify areas for performance or other improvements. Use this audit checklist to get started. Continue Reading
-
Feature
15 Apr 2021
Managing cybersecurity during the pandemic and in the new digital age
Roota Almeida, CISO at Delta Dental of New Jersey and Delta Dental of Connecticut, talks about the cybersecurity threats she's seen over the last year and how she's effectively managing her security team. Continue Reading
-
Definition
14 Apr 2021
compliance risk
Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting from its failure to act in accordance with industry laws and regulations, internal policies or prescribed best practices. Continue Reading
-
News
25 Feb 2021
Texas power outage flags need to revisit business continuity
Freezing conditions that caused Texas power outages affected businesses well beyond the state's borders, prompting a need for business continuity plans to be revisited. Continue Reading
-
Feature
11 Feb 2021
Changes to U.S. antitrust laws could hamper innovation
Antitrust lawsuits and regulatory proposals could have a greater impact on the technology industry than regulators expect. Expert Aurelien Portuese explains why. Continue Reading
-
Tip
17 Dec 2020
Top cloud compliance standards and how to use them
Get guidance on how to select relevant cloud compliance standards, along with tips on evaluating third-party providers' cloud compliance and governance efforts. Continue Reading
-
Guest Post
16 Dec 2020
4 reasons to involve CISOs in mergers and acquisitions planning
As mergers and acquisitions go virtual due to COVID-19, the C-suite should include CISOs to help identify security risks, expedite cyber processes, review the new threat landscape and more. Continue Reading
-
News
10 Dec 2020
HHS proposes changes to HIPAA privacy rule
HHS wants to modify the HIPAA privacy rule to encourage better care coordination and make it easier for patients to access their health data. Continue Reading
-
Feature
24 Nov 2020
How does bureaucracy affect business? It's complicated
In his new book, 'The (Delicate) Art of Bureaucracy,' Mark Schwartz, enterprise strategist at AWS and former government bureaucrat, reveals how IT leaders can use bureaucracy to their advantage. Continue Reading
-
Tip
23 Nov 2020
How to conduct an IoT audit for compliance
To effectively prepare for and conduct an IoT audit, organizations need to understand which IT controls are in scope. Get actionable guidance on the audit process in this tip. Continue Reading
-
News
29 Oct 2020
Voting fraud technology could play role in momentous election
Vendors, academics and data scientists are developing technologies to detect irregularities in voting patterns. The turbulent U.S. election could provide fertile turf for the tools. Continue Reading
-
Guest Post
21 Oct 2020
Is your company's IT governance strategy cloud ready?
As companies prepare to migrate to the cloud, they need to review their IT governance strategy before making any decisions to ensure there won't be any issues later. Continue Reading
-
Tip
16 Oct 2020
COVID-19 jolts tech spending, spurs more flexible vendor terms
IT spending by companies in the early days of COVID-19 quickly turned to cost-cutting. Learn how vendors responded with new terms and aggressive discounting for new business. Continue Reading
-
Feature
24 Sep 2020
CMMC requirements set to ripple throughout DOD supply chain
The Department of Defense's CMMC requirements target defense contractors, but organizations throughout the DOD supply chain -- and beyond -- are prepping for the standards. Continue Reading
-
Guest Post
22 Sep 2020
Ensuring your cybersecurity teams are helping the business
Business leaders need to review how they're handling cybersecurity oversight. Are leaders asking the right questions and understanding how their cybersecurity program currently works? Continue Reading
-
Opinion
18 Sep 2020
Trump's dangerous US TikTok ban
President Trump's U.S. TikTok ban over national security is resting on a vague foundation. The concern can be applied to multiple industries and products. Continue Reading
-
Tip
02 Sep 2020
How to ensure cybersecurity and business continuity plans align
We're diving into how and why organizations should have a collection of emergency-focused plans in place that can interact with each other if a cybersecurity attack occurs. Continue Reading
-
Feature
19 Aug 2020
How to maintain cybersecurity remotely during the pandemic
In the second 2020 MIT Sloan CIO Digital Learning Series, a panel of IT security leaders discussed how they are keeping their organizations secure in a COVID-19 environment. Continue Reading
-
Tip
14 Aug 2020
How compliance provides stakeholders evidence of success
Company stakeholders know the importance of corporate compliance. Here's why gauging compliance stakeholders' expectations helps ensure regulatory processes will satisfy them. Continue Reading
-
Tip
11 Aug 2020
The 5 CMMC levels and how to achieve compliance
While the CMMC certification process is still in development, IT leaders should get familiar with the five CMMC levels and learn how to comply with the security maturity model. Continue Reading
-
Guest Post
06 Aug 2020
The contradiction of post COVID-19 risk management
Security vs. usability is always a constant struggle for security teams. The rapid change to remote access during the pandemic has forced companies to revisit their risk management approach. Continue Reading
-
Tip
27 Jul 2020
Why SLA compliance should be top of mind for IT leaders
Service-level agreements are critical to measuring agreed-upon metrics and ensuring accountability of both parties. Learn more about the importance of SLA compliance in IT. Continue Reading
-
Feature
24 Jul 2020
3 types of phishing attacks and how to prevent them
Phishing is the most common type of social engineering attack. Here is a list of the most common phishing attacks, how they wreak havoc on a business and how to protect against them. Continue Reading
-
Feature
21 Jul 2020
Where ISO certification fits in a risk mitigation strategy
Thomas Johnson explores why ISO certification helps organizations as part of their risk mitigation strategy in business continuity planning as companies adjust to the new normal. Continue Reading
-
Tip
21 Jul 2020
Why IT leaders need to be aware of deepfake security risks
While IT security leaders are not yet the target of deepfake attacks, with the increased use of AI, it's important they consider how it can be of harm to the enterprise. Continue Reading
-
Tip
15 Jul 2020
What is the Dodd-Frank voice recording rule for the swaps market?
A Dodd-Frank rule requires swaps dealers to record voice communications, which regulators designed to deter illicit financial activity and improve financial compliance. Continue Reading
-
Tip
07 Jul 2020
Prep a compliance audit checklist that auditors want to see
Think your enterprise is ready for its compliance audit? Check off key points in this compliance audit preparation checklist to ensure it has all the resources needed to help auditors do their job. Continue Reading
-
Tip
24 Jun 2020
IoT compliance standards and how to comply
To address IoT security concerns, it is critical for IT leaders to adhere to IoT compliance standards. Learn more about IoT compliance and its IT-relevant standards. Continue Reading
-
Feature
04 Jun 2020
Know how to secure your home network while working from home
Employees need to know how to properly protect their home networks as they work remotely, including setting policies for security, passwords, disaster recovery and more. Continue Reading
-
Tip
27 May 2020
Ensure IAM compliance by wielding key controls and resources
IAM compliance is a top priority for CIOs. Read up on IAM standards and regulations, and learn how to implement IAM controls to best stay compliant. Continue Reading
-
Opinion
18 May 2020
AI transparency mandates essential to protect private data
As AI use permeates industry, governments are updating laws to keep pace with the technology. AI transparency will be essential to ensure privacy and avoid risk to civil liberties. Continue Reading
-
Feature
12 May 2020
How to handle the risk of insider threats post-COVID-19
During these challenging times, organizations can't overlook the risk of insider threats as employees worry about layoffs, newly adopted remote working technology and more. Continue Reading
-
Tip
25 Mar 2020
Contract risk management: Focus on these 6 areas
Inspecting vendor contracts for risk is increasingly important as CIOs scramble to stay nimble in a volatile economy. ClearEdge Partners explains how to protect your interests. Continue Reading
-
Tip
24 Mar 2020
How to write an RFP and statement of work for an IT services contract
Master how to write an RFP and statement of work to get the IT services you need using these best practices from consulting firm ClearEdge Partners. Continue Reading