Compliance news, analysis, research, how-to, opinion, and video.

5 reasons you need to hire a Chief Privacy Officer

Businesses are increasingly relying on data, but they're overlooking another key aspect of data: privacy. In order to keep up with the growing regulations surrounding data privacy, it may be time to hire a Chief Privacy Officer.

Why your security strategy should not be created in a vacuum

Sound strategy supports the core business processes of the organization. It should be (as we often said in the military) a combat multiplier. Meaning it should bolster, strengthen, and galvanize each of the efforts of each business...

Defending against insider security threats hangs on trust

If your security strategy only considers malicious insiders when addressing the insider threat, you may be miscalculating the risk. Accidental incidents are nearly impossible to guard against.


Cybersecurity much more than a compliance exercise

An overwhelming number of security executives view compliance as an effective strategy. But it’s not, and many CISOs need to rethink their priorities.

Compliance does not equal security

The effort to meet Level 1 PCI compliance reveals a new security mantra to our manager.


What's your cybersecurity whistleblower strategy?

Cybersecurity whistleblowers present a growing risk to organizations, but not for the reasons people may think. Most whistleblowers are not disgruntled rogues, but rather good people trying to get companies to address harmful or...

Facebook scandal or can bug bounties replace traditional web security?

Can a crowd-sourcing approach to web security testing work for your corporate applications?

How physicians can do no harm using social media

In this article, I’ll offer some practical advice on how physicians and others in healthcare can use social media without running afoul of their HIPAA compliance office.

Where we’ve been. Where we’re going.

As we wind down 2015 I think it’s a good time to throw my two cents into the morass of all the other “end of year recaps” and “next year predictions”. This is what I observed and what I think we’ll see in the future.

The top 6 Governance, Risk and Compliance certifications

CEOs are always on the lookout for dependable folks who can identify potential exposures and quantify the impacts of risk on an organization while protecting the interests of employees, shareholders, other organizations and the...

Spending millions on APT defense? Don’t forget about Third Party Risk Management

Being a large company, you have a risk when hiring a third-party consultant - you condemn them to be hacked instead of you.

Compliant does not equal protected: our false sense of security

Having regulatory compliance laws in place helps hold organizations accountable and clearly places the onus on organizations to protect the sensitive data they store. So, with regulatory compliance standards in place, does this...

Microsoft details takedown requests in expanded transparency report

Microsoft released its latest statistics on government requests for users' data on Wednesday, including a new report on requests to have information taken down from the company's services.

Expired certificates cost businesses $15 million per outage

The average global 5,000 company spends about $15 million to recover from the loss of business due to a certificate outage -- and faces another $25 million in potential compliance impact

Doing tokenization and cloud computing the PCI way

In our previous 2 parts to this article, we discussed various aspects of application security and PCI compliance. We conclude our series with a discussion of tokenization and cloud computing, and how to do it to make your PCI QSA...

Debit cards lag credit cards in EMV migration, putting banks at risk

Three times as many credit cards will be chip-enabled by the end of the year as debit cards, making the slower banks bigger targets for cybercriminals.

EMV transition will still leave security gaps

This October, US merchants and payment providers are scheduled to switch to new, more secure, chip-based payments. But financial transactions aren't going to become safer overnight, since the majority of merchants are still not ready...

Court: FTC can take action on corporate data breaches

The US Court of Appeals has ruled that the FTC mandate to protect consumers against fraudulent, deceptive and unfair business practices extends to oversight of corporate cybersecurity efforts -- and lapses. But security experts are...
