Compliance
Compliance with corporate, government and industry standards and regulations is critical to meet business goals, reduce risk, maintain trust and avoid fines. Get advice on audit planning and management; laws, standards and regulations; and how to comply with GDPR, PCI DSS, HIPAA and more.
Top Stories
-
News
26 Nov 2024
New York fines Geico, Travelers $11.3M over data breaches
The two insurance giants were fined millions by New York state regulators and are required to enhance security protocols around authentication and penetration testing. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
21 Nov 2024
U.S. data privacy protection laws: 2025 guide
Growing concerns over the processing, storage and protection of personal data, plus the GenAI effect, are leading to the passage of new local and regional privacy regulations. Continue Reading
By
-
Tip
21 Nov 2024
U.S. data privacy protection laws: 2025 guide
Growing concerns over the processing, storage and protection of personal data, plus the GenAI effect, are leading to the passage of new local and regional privacy regulations. Continue Reading
By -
Tip
19 Nov 2024
Biometric privacy and security challenges to know
Fingerprints and facial scans can make identity access more convenient than passwords, but biometric tools present significant ethical and legal challenges. Continue Reading
-
Tip
12 Nov 2024
EDR vs. XDR vs. MDR: Key differences and benefits
One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
By -
Podcast
29 Oct 2024
Risk & Repeat: SEC cracks down on cybersecurity disclosures
The SEC's charges against Unisys, Avaya, Check Point Software Technologies and Mimecast have raised questions about expectations for transparency in cybersecurity. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
22 Oct 2024
SEC charges 4 companies for downplaying SolarWinds attacks
The U.S. Securities and Exchange Commission fined the companies for misleading investors about intrusions stemming from the SolarWinds supply chain attack. Continue Reading
By- Arielle Waldman, News Writer
-
News
17 Oct 2024
Joe Sullivan: CEOs must be held accountable for security too
The former CSO at Uber was found guilty in 2022 of obstruction of justice relating to a breach. Now he's calling for clearer regulatory frameworks for security. Continue Reading
By- Nicole Laskowski, Senior News Director
-
News
17 Oct 2024
HashiCorp CTO talks AI strategy, Ansible tie-ins, FedRAMP
In a Q&A to wrap up HashiConf, the company's co-founder and CTO gave his outlook on HashiCorp's approach to AI, configuration management and cloud compliance. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
10 Oct 2024
FTC orders Marriott to pay $52M and enhance security practices
The Federal Trade Commission says an investigation revealed that poor security practices led to three data breaches at Marriott and Starwood hotels between 2014 and 2020. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Oct 2024
Atlassian 'cloud-first' becomes 'enterprise-first'
Atlassian's tune has changed in the past few months, as the company builds bridges to Data Center products and works on FedRAMP cloud compliance. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Definition
09 Oct 2024
What is OPSEC (operations security)?
OPSEC (operations security) is an analytical process that military, law enforcement, government and private organizations use to prevent sensitive or proprietary information from being accessed inappropriately. Continue Reading
By- Robert Sheldon
- Linda Rosencrance
- Ben Cole, Executive Editor
-
Tip
08 Oct 2024
6 information governance best practices
An information governance plan ensures that an organization's content lifecycle meets compliance and business needs. Best practices can help organizations craft an effective plan. Continue Reading
By- Reda Chouffani, Biz Technology Solutions
-
Definition
07 Oct 2024
What is risk management? Importance, benefits and guide
Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations. Continue Reading
By- Linda Tucci, Industry Editor -- CIO/IT Strategy
- Craig Stedman, Industry Editor
-
Podcast
24 Sep 2024
Risk & Repeat: What's next for Telegram and Pavel Durov?
Telegram made updates to its FAQ and privacy policy following Pavel Durov's arrest. But will the changes influence cybercriminals' abuse of the platform? Continue Reading
By- Rob Wright, Senior News Director
-
Tip
19 Sep 2024
4 certifications for information governance professionals
Information governance is a broad discipline with many different certifications. The most common include ARMA's IGP, AIIM's CIP and IAPP's CIPM. Continue Reading
By- Laurence Hart, CGI Federal
-
Feature
17 Sep 2024
Infosec experts detail widespread Telegram abuse
Cybersecurity vendors say threat activity on Telegram has grown rapidly in recent years, and they don't expect the arrest of founder and CEO Pavel Durov to change that trend. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
09 Sep 2024
How to create an AI acceptable use policy, plus template
With great power comes -- in the case of generative AI -- great security and compliance risks. Learn how an AI acceptable use policy can help ensure safe use of the technology. Continue Reading
By- Jerald Murphy, Nemertes Research
-
News
28 Aug 2024
Infosec experts applaud DOJ lawsuit against Georgia Tech
The Department of Justice joined a whistleblower lawsuit against Georgia Tech for allegedly misleading the Department of Defense about its cybersecurity posture. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
19 Aug 2024
Guide to data detection and response (DDR)
Data is one of the most important assets in any organization. To truly protect it, you need a DDR strategy. Here's what you need to know, with tips on buying DDR tools. Continue Reading
-
Quiz
05 Aug 2024
Quiz: Test your knowledge of information governance best practices
As strict privacy laws challenge organizations, information governance is the answer. This quiz can help business leaders test their knowledge of information governance basics. Continue Reading
By -
Guest Post
02 Aug 2024
How blockchain can support third-party risk management
Third-party risk is of significant and growing concern to today's businesses. Explore how blockchain technology could transform third-party risk management for the better. Continue Reading
By- Jonathan Prewitt, Jeremy A. Sheridan
-
Definition
29 Jul 2024
What is GDPR? Compliance and conditions explained
The General Data Protection Regulation (GDPR) is legislation that updated and unified data privacy laws across the European Union (EU). Continue Reading
By- Scott Robinson, New Era Technology
- Rich Castagna
- Tréa Lavery, Editorial Assistant
-
Definition
23 Jul 2024
What is the Cybersecurity Information Sharing Act (CISA)?
The Cybersecurity Information Sharing Act (CISA) allows United States government agencies and non-government entities to share information with each other as they investigate cyberattacks. Continue Reading
-
News
18 Jul 2024
Judge tosses most of SEC's lawsuit against SolarWinds
A judge dismissed many of the charges in the U.S. Securities and Exchange Commission's lawsuit against SolarWinds and its CISO, Timothy Brown, though some charges remain. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
26 Jun 2024
What qualifies as a material cybersecurity incident?
In SEC rules, a cyberincident's materiality hinges on its potential impact on a public company's standing. Learn what this means for cybersecurity disclosure requirements. Continue Reading
By- Jerald Murphy, Nemertes Research
-
News
24 Jun 2024
Corvus: Cyber insurance premiums see 'stabilization'
Corvus Insurance's Peter Hedberg provided insight into the cyber insurance landscape after a tumultuous 2023 and what enterprises can expect moving forward. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
21 Jun 2024
personally identifiable information (PII)
Personally identifiable information (PII) is any data that could potentially identify a specific individual. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Corinne Bernstein
-
Definition
14 Jun 2024
chief trust officer
A chief trust officer (CTrO) in the IT industry is an executive job title given to the person responsible for building confidence around the use of customer information. Continue Reading
By- Scott Robinson, New Era Technology
- Francesca Sales
-
Definition
12 Jun 2024
data protection impact assessment (DPIA)
A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, procedures or technologies affect individuals' privacy and eliminate any risks that might violate compliance. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Corinne Bernstein
-
Definition
12 Jun 2024
privacy impact assessment (PIA)
A privacy impact assessment (PIA) is a method for identifying and assessing privacy risks throughout the development lifecycle of a program or system. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Paul Kirvan
- Ben Cole, Executive Editor
-
Definition
07 Jun 2024
log file
A log file, or simply a log, in a computing context is the automatically produced and timestamped documentation of events relevant to a particular system. Continue Reading
-
Tip
05 Jun 2024
What is a cloud security framework? A complete guide
With so many apps and data residing in cloud, employing a security framework to help protect cloud infrastructure is an essential move for an organization. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
13 May 2024
How to create a cloud security policy, step by step
What are the necessary components of a cloud security policy, and why should an organization go to the trouble to create one? Download a template to get the process started. Continue Reading
By -
Definition
08 May 2024
Digital Personal Data Protection Act, 2023
India's Digital Personal Data Protection Act, 2023 (DPDPA) is a comprehensive privacy and data protection law that recognizes the right of individuals, referred to as "data principals," to protect their personal data during the processing of that data for lawful purposes. Continue Reading
-
Tip
03 May 2024
Compare Azure Government vs. commercial cloud offering
Microsoft's Azure Government and global cloud offerings serve different customers and have different compliance requirements. See how they compare to make the right choice. Continue Reading
By -
Definition
02 May 2024
document sanitization
Document sanitization is the process of cleaning a document to ensure that only the intended information can be accessed from it. Continue Reading
By -
Feature
02 May 2024
What is a data protection officer (DPO) and what do they do?
Today's DPO must juggle technical, legal and collaborative skills in the shadow of more sophisticated data breaches, tougher data privacy laws and generative AI deployments. Continue Reading
-
Definition
02 May 2024
What is PCI DSS (Payment Card Industry Data Security Standard)?
The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. Continue Reading
By- Nick Barney, Technology Writer
-
Tip
01 May 2024
How to deploy macOS compliance controls via Intune
Intune administrators can use many of the same mechanisms to manage compliance policies for Windows and macOS desktops alike. Learn how to create those policies for Macs. Continue Reading
By -
Tip
01 May 2024
How to deploy Intune compliance policies for iOS and iPadOS
Compliance policies are a significant part of IT's device management, so admins should learn about Intune's compliance management features for all types of devices. Continue Reading
By- Michael Goad, CDW
-
Definition
01 May 2024
Federal Information Security Modernization Act (FISMA)
): The Federal Information Security Modernization Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information technology operations from cyberthreats. Continue Reading
By- Paul Kirvan
- Alexander S. Gillis, Technical Writer and Editor
-
Feature
30 Apr 2024
Understanding Microsoft 365 GCC High and other licenses
Government organizations should turn to the variety of dedicated services that Microsoft offers to deliver familiar productivity services to users with highly secured data. Continue Reading
By- Helen Searle-Jones, Tritech Group
-
Feature
11 Apr 2024
7 principles of the GDPR explained
The GDPR's seven data protection principles on the lawful processing of data are directly influencing the way businesses collect, store, erase and monetize personal information. Continue Reading
-
Feature
11 Apr 2024
AI and GDPR: How is AI being regulated?
Amid data privacy issues spawned by proliferating AI and generative AI applications, GDPR provisions need some updating to provide businesses with more specific AI guidelines. Continue Reading
-
Tip
04 Apr 2024
Data protection vs. data backup: How are they different?
They might be viewed as separate functions, but data backup should be part of an overall data protection strategy to thwart ransomware and comply with stringent privacy laws. Continue Reading
-
Tip
03 Apr 2024
How to conduct a data privacy audit, step by step
The vital importance of a data privacy audit can't be underestimated in today's climate of proliferating customer data, more stringent regulations and sophisticated cyber threats. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Feature
01 Apr 2024
6 business benefits of data protection and GDPR compliance
Complying with GDPR and avoiding severe fines is a primary goal of businesses, but the data governing principles and security tools to achieve compliance yield systemic benefits. Continue Reading
By -
Opinion
26 Mar 2024
Top 6 data security posture management use cases
Data security posture management is a top 10 security issue for 2024, according to research. Check out the top six use cases for DSPM and weigh in on other possibilities. Continue Reading
By- Todd Thiemann, Senior Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
22 Mar 2024
Data protection impact assessment template and tips
Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information. Continue Reading
By -
Definition
08 Mar 2024
electronic protected health information (ePHI)
Electronic protected health information (ePHI) is protected health information that is produced, saved, transferred or received in an electronic form. Continue Reading
By -
Feature
04 Mar 2024
Infosec pros weigh in on proposed ransomware payment bans
Whether for or against a payment ban, security professionals are concerned regulations could negatively affect victims and result in fewer incident disclosures. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
04 Mar 2024
cloud audit
A cloud audit is an assessment of a cloud computing environment and its services, based on a specific set of controls and best practices. Continue Reading
-
Tip
21 Feb 2024
AI and compliance: Which rules exist today, and what's next?
The AI regulatory landscape is still racing to catch up with the fast pace of industry and technological developments, but a few key themes are starting to emerge for businesses. Continue Reading
By -
Definition
15 Feb 2024
operational risk
Operational risk is the risk of losses caused by flawed or failed processes, policies, systems or events that disrupt business operations. Continue Reading
By -
Definition
13 Feb 2024
risk reporting
Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes. Continue Reading
By -
News
06 Feb 2024
Google: Spyware vendors are driving zero-day exploitation
Google's Threat Analysis Group urged further government action against commercial surveillance vendors that let customers abuse spyware products with impunity. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
02 Feb 2024
communications security (COMSEC)
Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic or to any written information that is transmitted or transferred. Continue Reading
By- Paul Kirvan
- Ben Cole, Executive Editor
-
Feature
30 Jan 2024
7 benefits of Microsoft SharePoint
SharePoint offers a central repository where users can store and collaborate on business content. The tool's benefits include improved efficiency, scalability and compliance. Continue Reading
By -
News
29 Jan 2024
Citizen Lab details ongoing battle against spyware vendors
At the SANS Cyber Threat Intelligence Summit, Citizen Lab researcher Bill Marczak discusses spyware proliferation from commercial vendors such as NSO Group, Cytrox and Quadream. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
News
18 Jan 2024
Chainalysis observes decrease in cryptocurrency crime in 2023
During 2023, Chainalysis tracked a decrease in the total value and volume of illicit cryptocurrency transactions. But it is unclear if the downward trend will continue. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
18 Jan 2024
information assurance (IA)
Information assurance (IA) is the practice of protecting physical and digital information and the systems that support the information. Continue Reading
By- Robert Sheldon
- Ben Cole, Executive Editor
-
Feature
17 Jan 2024
CISOs on alert following SEC charges against SolarWinds
The Securities and Exchange Commission announced charges against SolarWinds and its CISO in October, but will it help improve transparency or simply scare infosec executives? Continue Reading
By- Arielle Waldman, News Writer
-
News
16 Jan 2024
FCC adopts lead generation rules to protect consumer privacy
The new rules aim to protect consumers from scam communications perpetuated by robocalls and robotexts and give consumers the ability to choose which companies can contact them. Continue Reading
By- Mary Reines, News Writer
-
Feature
21 Dec 2023
The top 4 content management trends in 2024
Content management trends like generative AI, compliance, workflow automation and cloud deployment can help organizations automate processes and support remote work. Continue Reading
By -
Feature
30 Nov 2023
Records vs. document management: What's the difference?
Records and document management both help organizations share and use files, but these strategies have different goals, information, processes and systems. Continue Reading
By -
Tip
17 Nov 2023
SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags
Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best. Continue Reading
By- Ravi Das, ML Tech Inc.
-
Definition
14 Nov 2023
cardholder data environment (CDE)
A cardholder data environment (CDE) is a computer system or networked group of IT systems that processes, stores or transmits cardholder data or sensitive payment authentication data. Continue Reading
By- Rahul Awati
- Sharon Shea, Executive Editor
-
News
09 Nov 2023
SolarWinds fires back at SEC over fraud charges
SolarWinds said the SEC's lawsuit contains several 'false claims,' including allegations about how Russian nation-state hackers first got inside the company's network Continue Reading
By- Rob Wright, Senior News Director
-
Opinion
08 Nov 2023
Research points to 5 ways to improve cybersecurity culture
Respondents to a new Enterprise Strategy Group/ISSA survey offered five key points on how to strengthen an organization's cybersecurity culture. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Podcast
01 Nov 2023
Risk & Repeat: Breaking down SEC charges against SolarWinds
This episode covers the SEC charges against SolarWinds and CISO Timothy Brown for allegedly hiding known cybersecurity risks prior to the 2020 supply chain attack it suffered. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
31 Oct 2023
SEC charges SolarWinds for security failures, fraud
The SEC accused SolarWinds and CISO Timothy Brown of hiding known cybersecurity risks that were further highlighted by the supply chain attack revealed in 2020. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
31 Oct 2023
How to use Managed Google Play with Microsoft Intune
IT teams can connect their Managed Google Play accounts to Intune to get the best of both management tools. Integrate the two for easier Android Enterprise enrollment and more. Continue Reading
By- Helen Searle-Jones, Tritech Group
-
Definition
30 Oct 2023
ISO 27002 (International Organization for Standardization 27002)
The ISO 27002 standard is a collection of information security management guidelines that are intended to help an organization implement, maintain and improve its information security management. Continue Reading
By- Paul Kirvan
- Ben Cole, Executive Editor
-
Definition
27 Oct 2023
compliance officer
Compliance officers are employees tasked with ensuring a company follows its internal rules and best-practice policies while always complying with applicable external laws and government regulations. Continue Reading
-
Tip
27 Oct 2023
Top 12 IT security frameworks and standards explained
Several IT security frameworks and cybersecurity standards are available to help protect company data. Here's advice for choosing the right ones for your organization. Continue Reading
By -
Tip
26 Oct 2023
How to create a company password policy, with template
Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use. Continue Reading
By -
Definition
24 Oct 2023
SSAE 16
The Statement on Standards for Attestation Engagements No. 16 (SSAE 16) is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), for redefining and updating how service companies report on compliance controls. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Casey Clark, TechTarget
- Alex DelVecchio, Content Development Strategist
-
Definition
17 Oct 2023
speculative risk
Speculative risk is a type of risk the risk-taker takes on voluntarily and will result in some degree of profit or loss. Continue Reading
By- Rahul Awati
- Ben Cole, Executive Editor
-
Tip
17 Oct 2023
How to conduct a cyber-resilience assessment
It's a good cyber-hygiene practice to periodically review your organization's cybersecurity plans and procedures. Use this checklist to guide your cyber-resilience assessment. Continue Reading
By -
Answer
13 Oct 2023
What are the most important email security protocols?
Email was designed without security considerations. Email security protocols, including SMPTS, SPF and S/MIME, add mechanisms to keep messaging safe from threats. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Definition
12 Oct 2023
chief risk officer (CRO)
The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings. Continue Reading
By- Mary K. Pratt
- Ben Cole, Executive Editor
- Chris Gonsalves, TechTarget
-
Feature
10 Oct 2023
Security posture management a huge challenge for IT pros
Enterprise Strategy Group's John Oltsik explains why executing security hygiene and posture management at scale remains an uphill battle for organizations, despite automation. Continue Reading
By- Linda Tucci, Industry Editor -- CIO/IT Strategy
-
Tip
10 Oct 2023
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
By -
Tip
06 Oct 2023
Collaboration security and governance must be proactive
Even as companies deploy more collaboration tools, they aren't keeping pace with effective governance strategies for these tools and their generated content. Continue Reading
By- Irwin Lazar, Metrigy Research
-
Tip
06 Oct 2023
Is Android fragmentation still a problem for IT teams?
Android fragmentation has been a significant challenge for enterprise IT managing the OS. Find out how to manage fragmentation in the Android operating system. Continue Reading
By -
Definition
04 Oct 2023
compliance as a service (CaaS)
Compliance as a service (CaaS) is a cloud service that specifies how a managed service provider (MSP) helps an organization meet its regulatory compliance mandates. Continue Reading
By- Ben Lutkevich, Site Editor
-
Definition
02 Oct 2023
ISO 31000 Risk Management
The ISO 31000 Risk Management framework is an international standard that provides organizations with guidelines and principles for risk management. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Brien Posey
-
Definition
21 Sep 2023
governance, risk and compliance (GRC)
Governance, risk and compliance (GRC) refers to an organization's strategy for handling the interdependencies among the following three components: corporate governance policies, enterprise risk management programs, and regulatory and company compliance. Continue Reading
By- Kinza Yasar, Technical Writer
- Paul Kirvan
- Alexander S. Gillis, Technical Writer and Editor
-
Definition
19 Sep 2023
total risk
Total risk is an assessment that identifies all the risk factors associated with pursuing a specific course of action. Continue Reading
-
Definition
12 Sep 2023
risk avoidance
Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets. Continue Reading
-
Definition
08 Sep 2023
pure risk
Pure risk refers to risks that are beyond human control and result in a loss or no loss with no possibility of financial gain. Continue Reading
By- Linda Tucci, Industry Editor -- CIO/IT Strategy
- Ben Cole, Executive Editor
-
Definition
08 Sep 2023
risk exposure
Risk exposure is the quantified potential loss from business activities currently underway or planned. Continue Reading
By- Dave Shackleford, Voodoo Security
- Ben Cole, Executive Editor
-
Definition
08 Sep 2023
risk profile
A risk profile is a quantitative analysis of the types of threats an organization, asset, project or individual faces. Continue Reading
-
Definition
08 Sep 2023
residual risk
Residual risk is the risk that remains after efforts to identify and eliminate some or all types of risk have been made. Continue Reading
By- Dave Shackleford, Voodoo Security
- Francesca Sales
-
Definition
08 Sep 2023
risk map (risk heat map)
A risk map (risk heat map) is a data visualization tool for communicating specific risks an organization faces. Continue Reading
-
Guest Post
30 Aug 2023
SEC cyber attack regulations prompt 10 questions for CISOs
New SEC regulations governing the disclosure of cyber attacks by public companies lead to 10 questions board members should ask their CISOs about managing cyber-risk. Continue Reading
By- Frank Kim, SANS Institute
-
Tip
16 Aug 2023
6 open source GRC tools compliance professionals should know
Organizations must meet a variety of regulatory compliance requirements today. Here's a look at six open source GRC tools and related resources that might help. Continue Reading
By- Ed Moyle, Drake Software
-
News
10 Aug 2023
Kemba Walden: We need to secure open source software
During her Black Hat USA 2023 keynote, the acting national cyber director said the White House wants to develop realistic policies to improve the security of open source software. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
08 Aug 2023
5 steps to ensure HIPAA compliance on mobile devices
IT must implement several measures to comply with HIPAA, and mobile devices can add further complexity to this process. Follow these important steps for mobile HIPAA compliance. Continue Reading
By- Michael Goad, CDW
-
Definition
03 Aug 2023
SOC 2 (System and Organization Controls 2)
SOC 2 (System and Organization Controls 2), pronounced "sock two," is a voluntary compliance standard for ensuring that service providers properly manage and protect the sensitive data in their care. Continue Reading
By- Robert Sheldon
- Alex DelVecchio, Content Development Strategist