Compliance

Compliance with corporate, government and industry standards and regulations is critical to meet business goals, reduce risk, maintain trust and avoid fines. Get advice on audit planning and management; laws, standards and regulations; and how to comply with GDPR, PCI DSS, HIPAA and more.

Top Stories

Tip 20 May 2025
Best practices for board-level cybersecurity oversight

Corporate boards must play an increasingly active role in overseeing cybersecurity strategies. Here's what they need to know, from SEC disclosure requirements to best practices. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 06 May 2025
ServiceNow expands AI governance, emphasizes ROI

Enterprises remain nervous about deploying AI agents in production, as IT vendors vie to demonstrate the value and comprehensiveness of their platforms. Continue Reading
By
- Beth Pariseau, Senior News Writer

Definition 09 May 2025
What is a risk profile? Definition, examples and types

A risk profile is a quantitative analysis of the types of threats an organization, asset, project or individual faces. Continue Reading
By
- Mary K. Pratt
Definition 09 May 2025
What is risk reporting?

Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes. Continue Reading
By
- Brien Posey
Definition 09 May 2025
What is the Sarbanes-Oxley Act? Definition and summary

The Sarbanes-Oxley Act of 2002 (SOX) is a federal law that established sweeping auditing and financial regulations for public companies. Continue Reading
By
- Katie Terrell Hanna
- Ben Lutkevich, Site Editor
News 06 May 2025
ServiceNow expands AI governance, emphasizes ROI

Enterprises remain nervous about deploying AI agents in production, as IT vendors vie to demonstrate the value and comprehensiveness of their platforms. Continue Reading
By
- Beth Pariseau, Senior News Writer
Feature 06 May 2025
How will enterprises handle changes in Exchange Server SE?

With current Exchange Server versions expiring in October, Microsoft's move to subscriptions and a tight migration deadline puts pressure on organizations keeping on-premises email. Continue Reading
By
- Ed Scannell, Freelancer
Definition 06 May 2025
What is segregation of duties (SoD)?

Segregation of duties (SoD) is an internal control mechanism designed to prevent errors and fraud by ensuring at least two individuals are responsible for the separate parts of any task. Continue Reading
By
- Katie Terrell Hanna
- Rahul Awati
Opinion 30 Apr 2025
End users can code with AI, but IT must be wary

The scale and speed of generative AI coding -- known as vibe coding -- are powerful, but users might be misapplying this technology to create efficiency and security problems. Continue Reading
By
- Gabe Knuth, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 28 Apr 2025
What is a risk map (risk heat map)?

A risk map, or risk heat map, is a data visualization tool for communicating specific risks an organization faces. Continue Reading
By
- Mary K. Pratt
- Mekhala Roy
Definition 24 Apr 2025
What is risk exposure in business?

Risk exposure is the quantified potential loss from currently underway or planned business activities. Continue Reading
By
- Dave Shackleford, Voodoo Security
- Ben Cole, Executive Editor
Tip 22 Apr 2025
Top 10 document management software in 2025

Many organizations require document management software that can automate workflows, support remote access and maintain compliance. Top systems include Box and SharePoint Online. Continue Reading
By
- Christine Campbell, The Alpha Content Company
Definition 14 Apr 2025
What is corporate governance?

Corporate governance is the combination of rules, processes and laws by which businesses are operated, regulated and controlled. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
- Ben Lutkevich, Site Editor
- Sarah Lewis
Feature 09 Apr 2025
How to create a data breach response plan, with free template

A data breach response plan outlines how a business reacts to a breach. Follow these six steps, and use our free template to develop your organization's plan. Continue Reading
By
- Rob Shapland
Tip 12 Mar 2025
How to deal with unmanaged devices in the enterprise

Unmanaged devices present numerous risks, but how did they gain access to the network without any management in place? IT should learn how this happens and what to do when it does. Continue Reading
By
- Brien Posey
Tip 11 Mar 2025
7 biggest document management challenges

A document management strategy helps organizations protect and retrieve files. Yet, content managers often struggle with governance and system integration. Continue Reading
By
- Jordan Jones
Definition 11 Mar 2025
What is a copyright?

Copyright is a legal term describing ownership or control of the rights to use and distribute certain works of creative expression, including books, video, motion pictures, musical compositions and computer programs. Continue Reading
By
- Katie Terrell Hanna
- Peter Loshin, Former Senior Technology Editor
- Robert Richardson
Tip 07 Mar 2025
SEC cybersecurity disclosure rules, with checklist

Public companies must regularly share information about their cybersecurity practices and disclose details of material cyberincidents. Learn how to comply. Continue Reading
By
- Paul Kirvan
Feature 06 Mar 2025
How to create a data security policy, with template

When it comes to data security, the devil is in the details. One critical detail organizations shouldn't overlook is a succinct yet detailed data security policy. Continue Reading
By
- Paul Kirvan
Definition 05 Mar 2025
What is the Digital Operational Resilience Act (DORA)?

The Digital Operational Resilience Act (DORA) is a European Union regulation designed to enhance cybersecurity and ensure functional continuity of the financial sector, employing rigorous information and communications technology (ICT) standards across all EU financial entities. Continue Reading
By
- Andy Patrizio
Definition 20 Feb 2025
What is a checksum?

A checksum is a value that represents the number of bits in a transmission message. IT professionals use it to detect high-level errors within data transmissions. Continue Reading
By
- Rahul Awati
- Kinza Yasar, Technical Writer
- Laura Fitzgibbons
News 27 Jan 2025
Former CSRB members largely silent on dismissal

The Cyber Safety Review Board was investigating recent attacks by Chinese state-sponsored threat actor Salt Typhoon when DHS terminated all advisory board memberships. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 24 Jan 2025
Data sovereignty compliance challenges and best practices

Organizations that use the cloud face stiff challenges in complying with data sovereignty laws and regulations. The first step: Understand which laws apply. Continue Reading
By
- Damon Garn, Cogspinner Coaction
News 23 Jan 2025
EU, U.S. at odds on AI safety regulations

The U.S. under the new Trump administration changes course on AI safety, in contrast with the EU, as uncertainty lingers about other Biden-era federal cybersecurity efforts. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 22 Jan 2025
Cyber Safety Review Board axed in DHS cost-cutting move

Benjamine C. Huffman, acting secretary of the Department of Homeland Security under Trump, terminates the memberships for all DHS advisory committees, including the CSRB. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 21 Jan 2025
Risk & Repeat: What is the future of CISA?

South Dakota Gov. Kristi Noem, who is President Donald Trump's nominee for DHS secretary, said during a recent confirmation hearing that CISA should be 'smaller.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 17 Jan 2025
Biden order gives CISA software supply chain 'teeth'

The outgoing administration makes a Hail Mary attempt to salvage work it began in 2021 to require specific software supply chain security information from software suppliers. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 16 Jan 2025
Tech industry experts digest cybersecurity executive order

IT pros assess a last-minute cybersecurity executive order with new directives on a broad swath of topics, from cybercriminal sanctions to AI and identity management. Continue Reading
By
- Beth Pariseau, Senior News Writer
- Arielle Waldman, News Writer
Feature 16 Jan 2025
The mystery of the $75M ransom payment to Dark Angels

The Dark Angels gang stole 100 TB of data from a Fortune 50 company last year for a record-setting ransom payment. But the victim organization still hasn't disclosed those details. Continue Reading
By
- Rob Wright, Senior News Director
Definition 03 Jan 2025
What is the Gramm-Leach-Bliley Act (GLBA)?

The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways financial institutions deal with the private information of individuals. Continue Reading
By
- Katie Terrell Hanna
- Garry Kranz
News 23 Dec 2024
10 of the biggest cybersecurity stories of 2024

Some of the biggest stories of the year include a massive IT outage, a record-setting ransom payment and devastating breaches at several U.S. telecommunications companies. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 20 Dec 2024
The top 5 content management trends in 2025

AI technology continues to shape the content management market. It underpins top trends in 2025, like generative AI, agentic AI and predictive analytics. Continue Reading
By
- Tim Murphy, Site editor
Tip 17 Dec 2024
5 UC and collaboration trends reshaping the market in 2025

Expect GenAI and agentic AI to dominate unified communications and collaboration trends, plus employees and businesses weigh return-to-office edicts and heightened cyberattacks. Continue Reading
By
- Irwin Lazar, Metrigy Research
News 26 Nov 2024
New York fines Geico, Travelers $11.3M over data breaches

The two insurance giants were fined millions by New York state regulators and are required to enhance security protocols around authentication and penetration testing. Continue Reading
By
- Arielle Waldman, News Writer
Tip 21 Nov 2024
U.S. data privacy protection laws: 2025 guide

Growing concerns over the processing, storage and protection of personal data, plus the GenAI effect, are leading to the passage of new local and regional privacy regulations. Continue Reading
By
- Paul Kirvan
Tip 19 Nov 2024
Biometric privacy and security challenges to know

Fingerprints and facial scans can make identity access more convenient than passwords, but biometric tools present significant ethical and legal challenges. Continue Reading
By
- Mary K. Pratt
Tip 12 Nov 2024
EDR vs. XDR vs. MDR: Key differences and benefits

One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
By
- Paul Kirvan
Podcast 29 Oct 2024
Risk & Repeat: SEC cracks down on cybersecurity disclosures

The SEC's charges against Unisys, Avaya, Check Point Software Technologies and Mimecast have raised questions about expectations for transparency in cybersecurity. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 22 Oct 2024
SEC charges 4 companies for downplaying SolarWinds attacks

The U.S. Securities and Exchange Commission fined the companies for misleading investors about intrusions stemming from the SolarWinds supply chain attack. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Oct 2024
Joe Sullivan: CEOs must be held accountable for security too

The former CSO at Uber was found guilty in 2022 of obstruction of justice relating to a breach. Now he's calling for clearer regulatory frameworks for security. Continue Reading
By
- Nicole Laskowski, Senior News Director
News 17 Oct 2024
HashiCorp CTO talks AI strategy, Ansible tie-ins, FedRAMP

In a Q&A to wrap up HashiConf, the company's co-founder and CTO gave his outlook on HashiCorp's approach to AI, configuration management and cloud compliance. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 10 Oct 2024
FTC orders Marriott to pay $52M and enhance security practices

The Federal Trade Commission says an investigation revealed that poor security practices led to three data breaches at Marriott and Starwood hotels between 2014 and 2020. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Oct 2024
Atlassian 'cloud-first' becomes 'enterprise-first'

Atlassian's tune has changed in the past few months, as the company builds bridges to Data Center products and works on FedRAMP cloud compliance. Continue Reading
By
- Beth Pariseau, Senior News Writer
Definition 09 Oct 2024
What is OPSEC (operations security)?

OPSEC (operations security) is an analytical process that military, law enforcement, government and private organizations use to prevent sensitive or proprietary information from being accessed inappropriately. Continue Reading
By
- Robert Sheldon
- Linda Rosencrance
- Ben Cole, Executive Editor
Tip 08 Oct 2024
6 information governance best practices

An information governance plan ensures that an organization's content lifecycle meets compliance and business needs. Best practices can help organizations craft an effective plan. Continue Reading
By
- Reda Chouffani, Biz Technology Solutions
Definition 07 Oct 2024
What is risk management? Importance, benefits and guide

Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations. Continue Reading
By
- Linda Tucci, Industry Editor -- CIO/IT Strategy
- Craig Stedman, Industry Editor
Podcast 24 Sep 2024
Risk & Repeat: What's next for Telegram and Pavel Durov?

Telegram made updates to its FAQ and privacy policy following Pavel Durov's arrest. But will the changes influence cybercriminals' abuse of the platform? Continue Reading
By
- Rob Wright, Senior News Director
Tip 19 Sep 2024
4 certifications for information governance professionals

Information governance is a broad discipline with many different certifications. The most common include ARMA's IGP, AIIM's CIP and IAPP's CIPM. Continue Reading
By
- Laurence Hart, CGI Federal
Feature 17 Sep 2024
Infosec experts detail widespread Telegram abuse

Cybersecurity vendors say threat activity on Telegram has grown rapidly in recent years, and they don't expect the arrest of founder and CEO Pavel Durov to change that trend. Continue Reading
By
- Arielle Waldman, News Writer
Tip 09 Sep 2024
How to create an AI acceptable use policy, plus template

With great power comes -- in the case of generative AI -- great security and compliance risks. Learn how an AI acceptable use policy can help ensure safe use of the technology. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 28 Aug 2024
Infosec experts applaud DOJ lawsuit against Georgia Tech

The Department of Justice joined a whistleblower lawsuit against Georgia Tech for allegedly misleading the Department of Defense about its cybersecurity posture. Continue Reading
By
- Arielle Waldman, News Writer
Tip 19 Aug 2024
Guide to data detection and response (DDR)

Data is one of the most important assets in any organization. To truly protect it, you need a DDR strategy. Here's what you need to know, with tips on buying DDR tools. Continue Reading
By
- Sean Michael Kerner
Quiz 05 Aug 2024
Quiz: Test your knowledge of information governance best practices

As strict privacy laws challenge organizations, information governance is the answer. This quiz can help business leaders test their knowledge of information governance basics. Continue Reading
By
- Tim Murphy, Site editor
Guest Post 02 Aug 2024
How blockchain can support third-party risk management

Third-party risk is of significant and growing concern to today's businesses. Explore how blockchain technology could transform third-party risk management for the better. Continue Reading
By
- Jonathan Prewitt, Jeremy A. Sheridan
Definition 29 Jul 2024
What is GDPR? Compliance and conditions explained

The General Data Protection Regulation (GDPR) is legislation that updated and unified data privacy laws across the European Union (EU). Continue Reading
By
- Scott Robinson, New Era Technology
- Rich Castagna
- Tréa Lavery, Editorial Assistant
Definition 23 Jul 2024
What is the Cybersecurity Information Sharing Act (CISA)?

The Cybersecurity Information Sharing Act (CISA) allows United States government agencies and non-government entities to share information with each other as they investigate cyberattacks. Continue Reading
By
- Katie Terrell Hanna
News 18 Jul 2024
Judge tosses most of SEC's lawsuit against SolarWinds

A judge dismissed many of the charges in the U.S. Securities and Exchange Commission's lawsuit against SolarWinds and its CISO, Timothy Brown, though some charges remain. Continue Reading
By
- Rob Wright, Senior News Director
Tip 26 Jun 2024
What qualifies as a material cybersecurity incident?

In SEC rules, a cyberincident's materiality hinges on its potential impact on a public company's standing. Learn what this means for cybersecurity disclosure requirements. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 24 Jun 2024
Corvus: Cyber insurance premiums see 'stabilization'

Corvus Insurance's Peter Hedberg provided insight into the cyber insurance landscape after a tumultuous 2023 and what enterprises can expect moving forward. Continue Reading
By
- Arielle Waldman, News Writer
Definition 21 Jun 2024
personally identifiable information (PII)

Personally identifiable information (PII) is any data that could potentially identify a specific individual. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Corinne Bernstein
Definition 14 Jun 2024
chief trust officer

A chief trust officer (CTrO) in the IT industry is an executive job title given to the person responsible for building confidence around the use of customer information. Continue Reading
By
- Scott Robinson, New Era Technology
- Francesca Sales
Definition 12 Jun 2024
data protection impact assessment (DPIA)

A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, procedures or technologies affect individuals' privacy and eliminate any risks that might violate compliance. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Corinne Bernstein
Definition 12 Jun 2024
privacy impact assessment (PIA)

A privacy impact assessment (PIA) is a method for identifying and assessing privacy risks throughout the development lifecycle of a program or system. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Paul Kirvan
- Ben Cole, Executive Editor
Definition 07 Jun 2024
log file

A log file, or simply a log, in a computing context is the automatically produced and timestamped documentation of events relevant to a particular system. Continue Reading
By
- Rahul Awati
- Ivy Wigmore
Tip 05 Jun 2024
What is a cloud security framework? A complete guide

With so many apps and data residing in cloud, employing a security framework to help protect cloud infrastructure is an essential move for an organization. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 13 May 2024
How to create a cloud security policy, step by step

What are the necessary components of a cloud security policy, and why should an organization go to the trouble to create one? Download a template to get the process started. Continue Reading
By
- Paul Kirvan
Definition 08 May 2024
Digital Personal Data Protection Act, 2023

India's Digital Personal Data Protection Act, 2023 (DPDPA) is a comprehensive privacy and data protection law that recognizes the right of individuals, referred to as "data principals," to protect their personal data during the processing of that data for lawful purposes. Continue Reading
By
- George Lawton
Tip 03 May 2024
Compare Azure Government vs. commercial cloud offering

Microsoft's Azure Government and global cloud offerings serve different customers and have different compliance requirements. See how they compare to make the right choice. Continue Reading
By
- Chris Tozzi
Definition 02 May 2024
document sanitization

Document sanitization is the process of cleaning a document to ensure that only the intended information can be accessed from it. Continue Reading
By
- Rahul Awati
Feature 02 May 2024
What is a data protection officer (DPO) and what do they do?

Today's DPO must juggle technical, legal and collaborative skills in the shadow of more sophisticated data breaches, tougher data privacy laws and generative AI deployments. Continue Reading
By
- George Lawton
Definition 02 May 2024
What is PCI DSS (Payment Card Industry Data Security Standard)?

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. Continue Reading
By
- Nick Barney, Technology Writer
Tip 01 May 2024
How to deploy macOS compliance controls via Intune

Intune administrators can use many of the same mechanisms to manage compliance policies for Windows and macOS desktops alike. Learn how to create those policies for Macs. Continue Reading
By
- Brien Posey
Tip 01 May 2024
How to deploy Intune compliance policies for iOS and iPadOS

Compliance policies are a significant part of IT's device management, so admins should learn about Intune's compliance management features for all types of devices. Continue Reading
By
- Michael Goad, CDW
Definition 01 May 2024
Federal Information Security Modernization Act (FISMA)

): The Federal Information Security Modernization Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information technology operations from cyberthreats. Continue Reading
By
- Paul Kirvan
- Alexander S. Gillis, Technical Writer and Editor
Feature 30 Apr 2024
Understanding Microsoft 365 GCC High and other licenses

Government organizations should turn to the variety of dedicated services that Microsoft offers to deliver familiar productivity services to users with highly secured data. Continue Reading
By
- Helen Searle-Jones, Tritech Group
Feature 11 Apr 2024
7 principles of the GDPR explained

The GDPR's seven data protection principles on the lawful processing of data are directly influencing the way businesses collect, store, erase and monetize personal information. Continue Reading
By
- George Lawton
Feature 11 Apr 2024
AI and GDPR: How is AI being regulated?

Amid data privacy issues spawned by proliferating AI and generative AI applications, GDPR provisions need some updating to provide businesses with more specific AI guidelines. Continue Reading
By
- George Lawton
Tip 04 Apr 2024
Data protection vs. data backup: How are they different?

They might be viewed as separate functions, but data backup should be part of an overall data protection strategy to thwart ransomware and comply with stringent privacy laws. Continue Reading
By
- Kathleen Richards
Tip 03 Apr 2024
How to conduct a data privacy audit, step by step

The vital importance of a data privacy audit can't be underestimated in today's climate of proliferating customer data, more stringent regulations and sophisticated cyber threats. Continue Reading
By
- Jerald Murphy, Nemertes Research
Feature 01 Apr 2024
6 business benefits of data protection and GDPR compliance

Complying with GDPR and avoiding severe fines is a primary goal of businesses, but the data governing principles and security tools to achieve compliance yield systemic benefits. Continue Reading
By
- Chris Tozzi
Definition 01 Apr 2024
HRIS (human resource information system)

A human resource information system (HRIS) is software that aids organizations in managing and automating core human resource (core HR) processes. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Kinza Yasar, Technical Writer
- Luke Marson
Opinion 26 Mar 2024
Top 6 data security posture management use cases

Data security posture management is a top 10 security issue for 2024, according to research. Check out the top six use cases for DSPM and weigh in on other possibilities. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 22 Mar 2024
Data protection impact assessment template and tips

Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information. Continue Reading
By
- Paul Kirvan
Feature 11 Mar 2024
Understanding the basics of Windows 365 Government

Windows 365 Government isn't available to all Microsoft customers, but organizations such as governments and privileged contractors can benefit from this specialized offering. Continue Reading
By
- Robert Sheldon
Definition 08 Mar 2024
electronic protected health information (ePHI)

Electronic protected health information (ePHI) is protected health information that is produced, saved, transferred or received in an electronic form. Continue Reading
By
- Rahul Awati
Feature 04 Mar 2024
Infosec pros weigh in on proposed ransomware payment bans

Whether for or against a payment ban, security professionals are concerned regulations could negatively affect victims and result in fewer incident disclosures. Continue Reading
By
- Arielle Waldman, News Writer
Definition 04 Mar 2024
cloud audit

A cloud audit is an assessment of a cloud computing environment and its services, based on a specific set of controls and best practices. Continue Reading
By
- Robert Sheldon
- Paul Kirvan
Tip 21 Feb 2024
AI and compliance: Which rules exist today, and what's next?

The AI regulatory landscape is still racing to catch up with the fast pace of industry and technological developments, but a few key themes are starting to emerge for businesses. Continue Reading
By
- Chris Tozzi
Definition 15 Feb 2024
operational risk

Operational risk is the risk of losses caused by flawed or failed processes, policies, systems or events that disrupt business operations. Continue Reading
By
- Lisa Morgan
News 06 Feb 2024
Google: Spyware vendors are driving zero-day exploitation

Google's Threat Analysis Group urged further government action against commercial surveillance vendors that let customers abuse spyware products with impunity. Continue Reading
By
- Arielle Waldman, News Writer
Definition 02 Feb 2024
communications security (COMSEC)

Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic or to any written information that is transmitted or transferred. Continue Reading
By
- Paul Kirvan
- Ben Cole, Executive Editor
Feature 30 Jan 2024
7 benefits of Microsoft SharePoint

SharePoint offers a central repository where users can store and collaborate on business content. The tool's benefits include improved efficiency, scalability and compliance. Continue Reading
By
- Tim Murphy, Site editor
News 29 Jan 2024
Citizen Lab details ongoing battle against spyware vendors

At the SANS Cyber Threat Intelligence Summit, Citizen Lab researcher Bill Marczak discusses spyware proliferation from commercial vendors such as NSO Group, Cytrox and Quadream. Continue Reading
By
- Arielle Waldman, News Writer
Tip 29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 18 Jan 2024
Chainalysis observes decrease in cryptocurrency crime in 2023

During 2023, Chainalysis tracked a decrease in the total value and volume of illicit cryptocurrency transactions. But it is unclear if the downward trend will continue. Continue Reading
By
- Arielle Waldman, News Writer
Definition 18 Jan 2024
information assurance (IA)

Information assurance (IA) is the practice of protecting physical and digital information and the systems that support the information. Continue Reading
By
- Robert Sheldon
- Ben Cole, Executive Editor
Feature 17 Jan 2024
CISOs on alert following SEC charges against SolarWinds

The Securities and Exchange Commission announced charges against SolarWinds and its CISO in October, but will it help improve transparency or simply scare infosec executives? Continue Reading
By
- Arielle Waldman, News Writer
News 16 Jan 2024
FCC adopts lead generation rules to protect consumer privacy

The new rules aim to protect consumers from scam communications perpetuated by robocalls and robotexts and give consumers the ability to choose which companies can contact them. Continue Reading
By
- Mary Reines, News Writer
Feature 30 Nov 2023
Records vs. document management: What's the difference?

Records and document management both help organizations share and use files, but these strategies have different goals, information, processes and systems. Continue Reading
By
- Tim Murphy, Site editor
Tip 17 Nov 2023
SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags

Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best. Continue Reading
By
- Ravi Das, ML Tech Inc.
Definition 14 Nov 2023
cardholder data environment (CDE)

A cardholder data environment (CDE) is a computer system or networked group of IT systems that processes, stores or transmits cardholder data or sensitive payment authentication data. Continue Reading
By
- Rahul Awati
- Sharon Shea, Executive Editor
News 09 Nov 2023
SolarWinds fires back at SEC over fraud charges

SolarWinds said the SEC's lawsuit contains several 'false claims,' including allegations about how Russian nation-state hackers first got inside the company's network Continue Reading
By
- Rob Wright, Senior News Director