Compliance news, analysis, research, how-to, opinion, and video.

How compliance can be an excuse to shun the cloud

Companies in heavily regulated industries say they can't embrace the cloud due to compliance. That's just an excuse.

Reflections on the 2016 external audit season

Having a "to-do" hangover from this year's external audit report? Here's what you can do to minimize those recommendations next year - while making yourself and your boss look good.

The impact of the new Trans-Atlantic privacy law

After 20 years of relative calm regarding the handling of personal data of EU citizens by U.S. companies, events over the past six months have instigated widespread reform. While the resolution is yet to be confirmed, the building...


Answers to audit committee questions that will keep you employed

Cybersecurity continues to receive increasing attention from the Audit Committee. For many information technology professionals this interest creates opportunities for exposure to this critical corporate oversight committee and the...

Third-party vendors must abide by HIPAA privacy rules as well

This month I cover the HIPAA business associate rule, the FIPA (Florida Information Protection Act), and summarize the latest FDA cybersecurity medical device guidance.

Report: Federal agencies still fighting the last war

Federal government agencies are still fighting the last cybersecurity war, the one in which computer networks had a strong, defensible perimeter, according to a new report by 451 Research.

Aetna CISO talks about threat intelligence and enterprise risk management

The growth of ISACs will continue as more companies learn that mature cybersecurity programs all share information to make their enterprises more resilient. Enterprise risk management today has significant upside to improve maturity...

Why every leader needs to understand Apple vs. FBI

We must avoid any solution that provides a master key to any encryption technology. Violating the privacy of our citizens must remain the exception and not the rule.

Why PCI DSS cannot replace common sense and holistic risk assessment

Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime.

Deloitte's Global CISO: authentication to become behavior based

We will discuss cybersecurity reliability, authentication after the mobile phone, the EU General Data Protection Regulation, the role of the CISO, and how systems could protect users from themselves.

CSO50 2016 winners announced

The CSO50 recognizes 50 security projects, taken on by 45 organizations, that demonstrate outstanding thought leadership and business value. These are their stories.

Data breaches often result in CEO firing

We will explore the issues of reputational damage, incident cost, stock price impact, and increased regulatory attention. We will also discuss the fate of four CEOs who have faced cybersecurity breaches in the past three years.

Firms expect greater government cybersecurity oversight

The U.S. Senate recently proposed a cybersecurity disclosure bill that would require public companies to describe what cybersecurity expertise their boards have, or, if they don't have any, what steps the companies are taking to get...

Web Application Firewall: a must-have security control or an outdated technology?

Can a WAF be an effective security control for modern web applications?

What every IT department needs to know about IT audits

Today's IT departments face deadlines to deploy and fix an ever-increasing array of advanced technology, all while trying to maintain some sort of security and compliance posture. Add to this budget cuts and staff...

Security negligence goes to court

The number of people whose data was breached in 2015 exceeded that of the previous year. How do we plan to regulate these cases? What should organizations be compelled to do in order to protect the sensitive information they store?...

5 reasons you need to hire a Chief Privacy Officer

Businesses are increasingly relying on data, but they're overlooking another key aspect of data: privacy. In order to keep up with the growing regulations surrounding data privacy, it may be time to hire a Chief Privacy Officer.

Why your security strategy should not be created in a vacuum

Sound strategy supports the core business processes of the organization. It should be (as we often said in the military) a combat multiplier, meaning it should bolster, strengthen, and galvanize the efforts of each business...
