Compliance news, analysis, research, how-to, opinion, and video.

Web application security risks: Accept, avoid, mitigate or transfer?

Web application security is a very hot topic these days. What shall CISOs do with the related risks?

Don't wait for educational process to close jobs gap: Hire women

Investing in scholarships and mentoring students is an accelerated way to bring in new talent.

Retailers must upgrade authentication, encryption and pen testing

The PCI Security Standards Council now requires better authentication, encryption and penetration testing by companies that accept consumer payments, improvements lauded by security expert.

Five most common myths about Web security

Running behind trendy APTs, we tend to forget about the common-sense approach and holistic risk assessment.

Audit committee cheatsheet for IT and cyber professionals

What exactly do audit committees do, and who gets to be on one?

How compliance can be an excuse to shun the cloud

Companies in heavily regulated industries say they can't embrace the cloud due to compliance. That's just an excuse.

Reflections on the 2016 external audit season

Having a "to-do" hangover from this year's external audit report? Here's what you can do to minimize those recommendations next year - while making yourself and your boss look good.

The impact of the new Trans-Atlantic privacy law

After 20 years of relative calm regarding the handling of personal data of EU citizens by U.S. companies, events over the past six months have instigated widespread reform. While the resolution is yet to be confirmed, the building...


Answers to audit committee questions that will keep you employed

Cybersecurity continues to receive increasing attention from the Audit Committee. For many information technology professionals this interest creates opportunities for exposure to this critical corporate oversight committee and the...

Third-party vendors must abide by HIPAA privacy rules as well

This month I cover the HIPAA business associate rule and the FIPA (Florida Information Protection Act), and summarize the latest FDA cyber security medical device guidance.

Report: Federal agencies still fighting the last war

Federal government agencies are still fighting the last cybersecurity war, the one where computer networks had a strong, defensible perimeter, according to a new report by 451 Research.

Aetna CISO talks about threat intelligence and enterprise risk management

The growth of ISACs will continue as more companies learn that mature cyber security programs all share information to make their enterprises more resilient. Enterprise risk management today has significant upside to improve maturity...

Why every leader needs to understand Apple vs. FBI

We must avoid any solution that provides a master key to any encryption technology. Violating the privacy of our citizens must remain the exception and not the rule.

Why PCI DSS cannot replace common sense and holistic risk assessment

Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime.

Deloitte's Global CISO: authentication to become behavior based

We will discuss cybersecurity reliability, authentication after the mobile phone, the EU General Data Protection Regulation, the role of the CISO, and how systems could protect users from themselves.

CSO50 2016 winners announced

The CSO50 recognizes 50 security projects, taken on by 45 organizations, that demonstrate outstanding thought leadership and business value. These are their stories.

Data breaches often result in CEO firing

We will explore the issues of reputational damage, incident cost, stock price impact, and increased regulatory attention. We will also discuss the fate of four CEOs who have faced cybersecurity breaches in the past three years.

Firms expect greater government cybersecurity oversight

The U.S. Senate recently proposed a cybersecurity disclosure bill that would require public companies to describe what cybersecurity expertise their boards have, or, if they don't have any, what steps the companies are taking to get...
