Compliance
Compliance with corporate, government and industry standards and regulations is critical to meet business goals, reduce risk, maintain trust and avoid fines. Get advice on audit planning and management; laws, standards and regulations; and how to comply with GDPR, PCI DSS, HIPAA and more.
Top Stories
-
Tip
19 May 2026
What CISOs need to know about AI audit logs
AI audit logs are rapidly becoming essential tools for enterprise CISOs. Here's what cybersecurity leaders need to track to mitigate risks.
By Amy Larsen DeCarlo, GlobalData
-
Tip
13 May 2026
Transform SIEM rules with behavior-based threat detection
Outdated SIEM rules can hamstring enterprises as they try to safeguard their operations. Use a proactive, strategic approach that's grounded in actual attack behavior instead.
By Damon Garn, Cogspinner Coaction
-
Podcast
17 Jun 2009
Business model risk is a key part of your risk management strategy
Management consultants Amit Sen and John Vaughan discuss business model risk, a way to apply risk management policies to new or changed business processes.
-
Tip
15 Jun 2009
How to mitigate operational, compliance risk of outsourcing services
Companies must have an approach to evaluating partner risk, the level of risk of both the service and the provider, and the adequacy of the security practices of the provider.
-
Blog Post
19 Mar 2009
How do you align an IT risk assessment with COBIT controls?
One of our readers, compliance officer Ramon de Bruijn, wrote to the editors of SearchCompliance.com at [email protected] last month looking for some advice. Specifically, he asked "What ...
Answer
11 Mar 2009
How to avoid HIPAA Social Security number compliance violations
It can be difficult to decipher what a HIPAA Social Security number violation is. In this information security management expert response, David Mortman explains how to avoid HIPAA SSN violations as an employer.
By David Mortman, Dell
-
Tip
05 Feb 2009
What controls can compensate when segregation of duties isn't economically feasible?
Having a strong log management capability is a good way to start when segregation of duties isn't possible. Mike Rothman explains.
By Mike Rothman, Securosis
-
Tip
02 Dec 2008
PCI DSS 3.1 requirement best practices
Requirement 3.1 of the PCI Data Security Standard requires that cardholder data storage be kept to a minimum. In this tip, learn how to determine how much data your organization should store.
By Roger Nebel, Contributor
-
Answer
09 Jul 2008
Is the Orange Book still relevant for assessing security controls?
Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information Technology Security Evaluation that replaced it.
By Mike Rothman, Securosis
-
Answer
10 Mar 2008
Does SOX provision email archiving?
Although SOX may lack specificity regarding certain controls, it does have clear mandates for email retention.
By Mike Rothman, Securosis
-
Tip
16 Jan 2008
PCI compliance after the TJX data breach
The massive TJX data breach reinforced the need for stricter controls when handling credit card information. In this tip, Joel Dubin reexamines the need for the PCI Data Security Standard and advises how to ease the PCI compliance burden.
Quiz
16 Nov 2007
Quiz: PCI DSS compliance -- Two years later
A five-question multiple-choice quiz to test your understanding of the content presented by expert Diana Kelley in this lesson of SearchSecurity.com's Compliance School.
-
Feature
01 Mar 2003
IT security auditing: Best practices for conducting audits
Even if you hate security audits, it's in your best interest to make sure they're done right.
By Carole Fennelly, Contributor