Compliance

Compliance with corporate, government and industry standards and regulations is critical to meet business goals, reduce risk, maintain trust and avoid fines. Get advice on audit planning and management; laws, standards and regulations; and how to comply with GDPR, PCI DSS, HIPAA and more.

Top Stories

Tip 30 Apr 2026
What every CISO should consider before a SIEM migration

Before starting a SIEM migration, the security team must identify the data, rules, workflows and policies they need to transition to the new tool or service. Here's how to get started. Continue Reading
By
- John Burke, Nemertes Research
Feature 28 Apr 2026
How agentic AI governance tackles data, security challenges

AI agents promise real gains -- and pose real risks. Enterprises that move fast without first tightening governance controls might struggle to prevent rogue behavior. Continue Reading
By
- Mary K. Pratt

Answer 11 Mar 2009
How to avoid HIPAA Social Security number compliance violations

It can be difficult to decipher what a HIPAA Social Security number violation is. In this information security management expert response, David Mortman explains how to avoid HIPAA SSN violations as an employer. Continue Reading
By
- David Mortman, Dell
Tip 05 Feb 2009
What controls can compensate when segregation of duties isn't economically feasible?

Having a strong log management capability is a good way to start when security segregation isn't possible. Mike Rothman explains. Continue Reading
By
- Mike Rothman, Securosis
Tip 02 Dec 2008
PCI DSS 3.1 requirement best practices

Requirement 3.1 of the PCI Data Security Standard requires minimum cardholder data storage. In this tip, learn how to determine how much data your organization should store. Continue Reading
By
- Roger Nebel, Contributor
Answer 09 Jul 2008
Is the Orange Book still relevant for assessing security controls?

Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information Technology Security Evaluation that replaced it. Continue Reading
By
- Mike Rothman, Securosis
Answer 10 Mar 2008
Does SOX provision email archiving?

Although SOX may lack specificity regarding certain controls, it does have clear mandates for email retention. Continue Reading
By
- Mike Rothman, Securosis
Tip 16 Jan 2008
PCI compliance after the TJX data breach

The massive TJX data breach reinforced the need for stricter controls when handling credit card information. In this tip, Joel Dubin reexamines the need for the PCI Data Security Standard and advises how to ease the PCI compliance burden. Continue Reading
By
- Joel Dubin
Quiz 16 Nov 2007

Quiz: PCI DSS compliance -- Two years later

A five-question multiple-choice quiz to test your understanding of the content presented by expert Diana Kelley in this lesson of SearchSecurity.com's Compliance School. Continue Reading
Feature 01 Mar 2003
IT security auditing: Best practices for conducting audits

Even if you hate security audits, it's in your best interest to make sure they're done right. Continue Reading
By
- Carole Fennelly, Contributor