Risk management and governance

With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.

Top Stories

News 25 Jun 2025
Google settlement may affect DOJ antitrust remedies

Google faces numerous antitrust challenges and has agreed to spend $500 million revamping its regulatory compliance structure in a settlement with shareholders. Continue Reading
By
- Makenzie Holland, Senior News Writer
News 24 Jun 2025
Trump wants to axe rules affecting business competition

As the FTC and DOJ work to assess what rules to cut, lawmakers disagree on how deregulation will affect U.S. markets. Continue Reading
By
- Makenzie Holland, Senior News Writer

Tip 18 Nov 2013
Preparation underway for Dodd-Frank conflict mineral disclosures

Dodd-Frank conflict mineral provisions create new disclosure rules for public companies. In this tip, learn how to prepare for the regulations. Continue Reading
By
- William Newman, SAP
Tip 13 Nov 2013
CIO tip: Learn how to present a risk-management plan to the board

CIO tip: Companies are getting serious about risk management plans -- and leaning on CIOs to help them. Continue Reading
By
- Karen Goulart
Tip 22 Oct 2013
Three strategies to align organizational compliance and security goals

Compliance and security departments sometimes have an adversarial relationship, but organizations can benefit from aligning their strategic goals. Continue Reading
By
- Ed Moyle, SecurityCurve
Opinion 12 Jun 2013
The GRC maturity model and value proposition

In this CIO Matters column, Harvey Koeppel takes a look at the GRC maturity model and how CIOs can turn risk management into business value. Continue Reading
By
- Harvey R. Koeppel, Pictographics Inc.
Definition 01 Feb 2013
business continuity management (BCM)

Business continuity management (BCM) is a framework for identifying an organization's risk of exposure to internal and external threats. Continue Reading
By
- Karen Goulart
Tip 01 Nov 2012
Free IT organizational structure chart templates for the CIO

Use these free IT organizational structure chart templates to illustrate the relationships and hierarchy between various IT roles in your enterprise. Continue Reading
By
- TechTarget CIO Editorial Staff
News 23 Apr 2012
ISACA: Update to COBIT 5 governance framework maximizes IT assets

ISACA’s update to its popular COBIT 5 framework incorporates a business-wide approach the organization says helps enterprises maximize their information and technology assets. Continue Reading
By
- Ben Cole, Executive Editor
Tip 02 Mar 2012
Is your SaaS system in line with SOX compliance requirements?

A SaaS vendor can provide many benefits, but adhering to SOX compliance requirements remains a concern. Here’s help to stay compliant when using Software as a Service. Continue Reading
By
- Curt Finch, Contributor
Tutorial 03 Oct 2011
FAQ: Four criteria for an effective IT innovation strategy

In this FAQ, IT executives share four ways to kick-start and manage an IT innovation strategy that drives business value and transformation. Continue Reading
By
- SearchCIO.com Staff
Tip 16 Aug 2011
How protecting against the OWASP Top 10 helps prevent compliance risk

Mapping security processes to protect against the OWASP Top 10 could ease Web application vulnerabilities and help some companies stay compliant. Continue Reading
By
- Ed Adams, Contributor
Quiz 15 Aug 2011
Test your social media risk management IQ: A SearchCompliance.com quiz

Proliferating social networks have cast a spotlight on social media risk management. Take our quiz to find out if you are up to speed on social media. Continue Reading
By
- SearchCompliance.com Staff
Definition 07 Mar 2011
control framework

A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk. Continue Reading
By
- TechTarget Contributor
Tip 10 Dec 2010
AML compliance and money service businesses

Money service businesses are a growing part of the financial services industry but compliance with anti-money regulations is critical. Continue Reading
By
- Dan Fisher, Contributor
Feature 17 Jun 2010
FAQ: GARP and how it helps you achieve better information governance

Many organizations do not have an information governance structure that works with defined record-keeping principles that ensures accountability. GARP may be your answer. Continue Reading
By
- SearchCompliance.com Staff
Tip 06 Oct 2009
Threat management for information systems relies on categorization

Every information system faces threats, but not all threats should be treated equally. ISO 27005 offers a guide on how to categorize threats to your organization. Continue Reading
By
- Steven Ross, Risk Masters, Inc.
News 06 Oct 2009
GPS devices, geolocation data create privacy, security risks

Emerging technologies that allow users to broadcast geographic locations raise many issues for companies, CIOs, while legislatures and the FTC consider legal aspects. Continue Reading
By
- Linda Tucci, Industry Editor -- CIO/IT Strategy
Tip 01 Oct 2009
HIPAA-covered entities' first step should be a quality assurance plan

HIPAA-covered entities must leverage or install a good QA team, an effort that should be driven from the top down and be part of the strategic plan of the technology organization. Continue Reading
By
- John Weathington, Excellent Management Systems Inc.
Feature 22 Jun 2009

Chapter excerpt: Decision-making processes and IT governance

Find out how sound decision-making processes form the foundation of IT governance policies by allocating decision rights and accountability. Continue Reading
News 19 Jun 2009
Twitter security risks, popularity spark regulatory concerns

Twitter can be used for social good, business and journalism, but the potential for exploitation by cybercriminals and noncompliance with regulatory requirements is real and growing. Continue Reading
By
- Alexander B. Howard, Associate Editor
Tip 09 Jun 2009
How AML compliance applies to remote deposit capture

Financial institutions rushing to deploy remote deposit capture (RDC) need to consider how the Bank Secrecy Act and anti-money laundering regulations apply to the technology. In this tip, Dan Fisher explains what measures institutions need to take to ensure compliance with BSA/AML laws in their RDC implementations. Continue Reading
By
- Dan M. Fisher, Contributor
Tip 19 May 2009
Why it may not be ideal for your lawyer to be your compliance officer

While lawyers bring a certain expertise to the table, business leaders need a broader range of technical, security and communications skills in their compliance officers. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Definition 12 Mar 2009
Electronic Communications Privacy Act (ECPA)

The Electronic Communications Privacy Act (ECPA) is a United States federal statute that prohibits a third party from intercepting or disclosing communications without authorization. Continue Reading
By
- TechTarget Contributor
Definition 29 Jan 2009
Fair Credit Reporting Act (FCRA)

The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies. Continue Reading
By
- TechTarget Contributor
Definition 06 Mar 2008
FFIEC compliance (Federal Financial Institutions Examination Council)

FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC)... (Continued) Continue Reading
By
- TechTarget Contributor