Compliance news, analysis, research, how-to, opinion, and video.

space launch systems
pixelated clouds reflecting on building windows

point of sale credit card pci

EMV transition involves many moving parts

There's a lot of finger pointing going around about why the transition is going so slowly, but the bottom line, according to experts, is that the United States has a more complicated infrastructure than other countries and the...

business person holding a briefcase 152121278

Update to risk management framework should be taken seriously

COSO, that same organization that sponsors that internal control framework for Sarbanes-Oxley control compliance, recently issued a long awaited exposure draft update to their Enterprise Risk Management framework. By translating the...

online security hacker

A pen test a day keeps hackers away

Penetration testing has evolved from a nice to have test to a mandatory test, Besides compliance a PEN test will tell you just how secure your organizations data really is. Your network is being scanned and attacked daily, don't wait...

point of sale credit card pci

PCI DSS 3.2: The evolution continues

The payment card industry security standard continues to “evolve” in the word of experts, in minimizing the most obvious risks of breaches and fraud. Merchant groups remain critical of what they see as too much of a “blame game”...

maze complex complexity

Infosec16: keep your cybersecurity strategy simple to win

Infosecurity Europe 2016 highlighted a great variety of emerging cybersecurity threats. Keeping things simple can help CISOs a lot.

01 checklist

SIEM: 14 questions to ask before you buy

Today's SIEM technology boasts more brain power than ever, but many organizations fail to realize its full promise. Here are the key questions you need to ask to ensure the solution you choose will deliver.

twitter cages

Twitter official says 'Automate or die'

At a recent Open Web Application Security Project (OWASP) meetup in San Francisco, Twitter Trust and Info Sec Officer (TISO), Michael Coates put it bluntly, “Automate or Die. This is the biggest thing I stick by in this day and age.”...

nyse stock trading

Regulators: cybersecurity poses biggest risk to global financial system

Last week, the chair of the Securities and Exchange Commission called cybersecurity the biggest risk facing the global financial industry. The SEC promises to step up regulation and Swift itself is expected to launch a new cyber...


How employees can share the IT security load

Security threats weigh heavily on IT and security professionals, and it is a responsibility that they should not bear alone. We all need to do our part to uphold the safeguarding of sensitive data.

Man walking on tight rope which is unraveling problem mess danger risk

Web application security risks: Accept, avoid, mitigate or transfer?

Web application security is a very hot topic these days. What shall CISOs do with the related risks?

women in tech

Don't wait for educational process to close jobs gap: Hire women

Investing in scholarships and mentoring students is an accelerate way to bring in new talent

chip pin credit card reader

Retailers must upgrade authentication, encryption and pen testing

The PCI Security Standards Council now requires better authentication, encryption and penetration testing by companies that accept consumer payments, improvements lauded by security expert.

hand writing on chalkboard showing myth vs fact

Five most common myths about Web security

Running behind trendy APTs we tend to forget about common-sense approach and holistic risk assessment.

committee audit conference

Audit committee cheatsheet for IT and cyber professionals

What exactly do audit committees do and who gets to be on one.

cloud computing pondering reflective mystery

How compliance can be an excuse to shun the cloud

Companies in heavily regulated industries say they can't embrace the cloud due to compliance. That's just an excuse.

businessman with stress headache pain frustration

Reflections on the 2016 external audit season

Having a "to-do" hangover from this year's external audit report? Here's what you can do to minimize those recommendations next year - while making yourself and your boss look good.

us eu handshake

The impact of the new Trans-Atlantic privacy law

After 20 years of relative calm regarding the handling of personal data of EU citizens by U.S. companies, events over the past six months have instigated widespread reform. While the resolution is yet to be confirmed, the building...


Answers to audit committee questions that will keep you employed

Cybersecurity continues to receive increasing attention from the Audit Committee. For many information technology professionals this interest creates opportunities for exposure to this critical corporate oversight committee and the...

Load More