Risk management and governance
With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.
Top Stories
-
Tip
19 Nov 2024
Best project portfolio management software and tools in 2025
Project portfolio management software and tools in 2025 promote strategic management of projects and agile tactics. Read our PPM list for guidance on which tools do what. Continue Reading
-
News
15 Nov 2024
Google breakup likely off the table under Trump
Donald Trump might not want to break up Google, but history suggests he won't slow antitrust enforcement efforts against bad actors. Continue Reading
-
News
19 May 2022
DHS pauses newly created Disinformation Governance Board
Concerns about the spread of disinformation prompted DHS to create the Disinformation Governance Board, which was immediately met with criticism from Republican lawmakers. Continue Reading
-
News
17 May 2022
MIT-CIO event explores pandemic's effect on digital ecosystems
Allan Tate, executive chair of the MIT Sloan CIO Symposium, lays out the big idea of the 2022 conference and explains how the event itself reflects its relevance. Continue Reading
-
News
13 May 2022
Policymaker proposes commission to oversee digital platforms
The proposed Federal Digital Platform Commission would oversee tech giants and could impose penalties and conduct investigations into bad conduct. Not everyone thinks it will work. Continue Reading
-
News
13 May 2022
Roe v. Wade reversal could hinder data privacy rights
Tech companies could start feeling pressure from consumers to limit data collection should Roe v. Wade be overturned. Continue Reading
-
Tip
13 May 2022
CIO vs. CTO: Key differences in roles and responsibilities
CIOs and CTOs both play a valuable role in a company's technology strategy, but their focus and responsibilities are different. Learn more. Continue Reading
-
Definition
12 May 2022
consumerization of IT
The consumerization of IT refers to how software and hardware products designed for personal use migrated into the enterprise and were used for work purposes. Continue Reading
-
News
12 May 2022
MIT Sloan innovation startups pursue AI at scale
Modzy and Snowplow are among the early-stage companies aiming to move AI from science project to enterprise asset. Success will let businesses reap the benefits of the technology. Continue Reading
-
News
05 May 2022
CIOs need to balance tech with business sustainability
As CIOs consider new technologies to help reach business sustainability goals, investors also want to see the right governance in place when it comes to climate risk management. Continue Reading
-
Definition
28 Apr 2022
business transformation
Business transformation is a term used to describe what happens when a company makes fundamental changes to how it operates. Continue Reading
-
News
27 Apr 2022
Elon Musk poised to disrupt social media industry
Elon Musk could disrupt the social media industry with his purchase of Twitter and move the company away from social media's traditional reliance on advertising revenue. Continue Reading
-
Feature
27 Apr 2022
Bolstered BPMN standard is core of new BPM+ ecosystem
BPMN, now part of the expansive BPM+ ecosystem, has been updated with new capabilities to handle complex business processes and the use of advanced technologies. Continue Reading
-
News
22 Apr 2022
Digital humanism aims to balance human needs, emerging tech
Digital humanism is an approach to designing a digital future with human values and needs in mind, a concept arriving in response to the unchecked power of digital platforms. Continue Reading
-
News
15 Apr 2022
SEC chair touts benefits of climate risk disclosure rule
Interested parties are weighing in on the SEC's proposed climate risk disclosure rule, which is available for comment until May 20. Continue Reading
-
News
15 Apr 2022
Tech giants balk at competition bill, Digital Markets Act
The EU has already reached an agreement on their Digital Markets Act, which would open tech giants' tightly controlled app stores and platforms to third parties. Continue Reading
-
Feature
14 Apr 2022
Study attests: Cloud apps, remote users add to data loss
A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic. Continue Reading
-
News
07 Apr 2022
Long, costly road ahead for FTC antitrust case against Meta
The Federal Trade Commission's antitrust case against Meta is relying on the argument that past acquisitions helped Meta maintain its dominance in the social media market. Continue Reading
-
Definition
05 Apr 2022
digital enterprise
A digital enterprise is an organization that uses technology as a competitive advantage in its internal and external operations. Continue Reading
-
Definition
05 Apr 2022
SOC 1 (System and Organization Controls 1)
System and Organization Controls 1, or SOC 1 (pronounced "sock one"), aims to control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity's financial statements. Continue Reading
-
News
31 Mar 2022
Tech companies in Ukraine open economic front in Russian war
Developers and engineers serve as an economic bulwark in the country's battle for survival. The regional reshuffling of talent, meanwhile, could spell higher costs for IT buyers. Continue Reading
-
News
24 Mar 2022
SEC's proposed climate rule a game-changer for sustainability
Experts are praising the SEC's newly proposed climate risk disclosure rule, which would require businesses to bake climate risk into their overall risk management plans. Continue Reading
-
News
23 Mar 2022
Metaverse platforms offer opportunity and risk for CIOs
Accenture's recent Technology Vision event underscored the transformational possibilities of virtual worlds, but also pointed to security and safety challenges. Continue Reading
-
Definition
21 Mar 2022
Sarbanes-Oxley Act (SOX) Section 404
Sarbanes-Oxley Act (SOX) Section 404 mandates that all publicly traded companies must establish internal controls and procedures for financial reporting and must document, test, and maintain those controls and procedures to ensure their effectiveness. Continue Reading
-
Definition
21 Mar 2022
COPPA (Children's Online Privacy Protection Act )
The Children's Online Privacy Protection Act of 1998 (COPPA) is a federal law that imposes specific requirements on operators of websites and online services to protect the privacy of children under 13. Continue Reading
-
Definition
15 Mar 2022
Chief Technology Officer (CTO)
The chief technology officer (CTO) is the individual within an organization who oversees the current technology and creates relevant policy. Continue Reading
-
News
07 Mar 2022
US awaits bill boosting technology competition with China
China's investments in tech have spurred the U.S. to take action with a U.S. technology competition bill funneling billions into tech innovation and development. Continue Reading
-
News
04 Mar 2022
Russian sanctions prompt tech to stop sales, curb services
At the urging of Ukraine's Vice Prime Minister Mykhailo Fedorov and economic sanctions, companies including Apple, Google and Microsoft have limited business operations in Russia. Continue Reading
-
Definition
02 Mar 2022
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America. Continue Reading
-
News
25 Feb 2022
Sanctions cost Russia US tech, and that may hurt
The U.S. has issued sanctions against Russia for its military invasion of Ukraine, which could face devastating IT service delivery disruption if the conflict continues. Continue Reading
-
News
16 Feb 2022
Proposal for federal tech policy focuses on privacy, security
The Future of Tech Commission wants the federal government to initiate a coordinated effort to address issues like data privacy and competition. Continue Reading
-
News
11 Feb 2022
House bill tracks foreign investment in U.S. mergers
The Foreign Merger Subsidy Disclosure Act would allow federal antitrust enforcement agencies to track foreign government investment behind U.S. business mergers. Continue Reading
-
News
08 Feb 2022
Federal regulatory efforts could affect VR, metaverse
Although Congress isn't looking to regulate VR or the metaverse yet, its efforts on antitrust and data privacy could have impacts down the road. Continue Reading
-
News
07 Feb 2022
IRS drops facial recognition plans after criticism
The agency said it will no longer require taxpayers to use a third-party website to authenticate identity and will develop its own tools to boost security and prevent fraud. Continue Reading
-
News
02 Feb 2022
Federal data privacy law efforts fizzle
As Congress shifts to antitrust enforcement, the momentum behind creating a federal data privacy law is waning. The states, meanwhile, are adopting privacy laws. Continue Reading
-
Definition
24 Jan 2022
Ethereum
Ethereum is an open source, distributed software platform based on blockchain technology. Continue Reading
-
News
18 Jan 2022
FTC, DOJ seek public input on merger guidelines
The FTC and DOJ want public input on the government's merger guidelines, used to challenge potentially anticompetitive mergers. The agencies believe the rules are out of date and ineffective. Continue Reading
-
Tip
22 Dec 2021
Cybersecurity asset management takes ITAM to the next level
Security pros need to focus on cybersecurity asset management for devices, services and the vendors that can help. Use our checklist to find out how and where to start. Continue Reading
-
Definition
28 Oct 2021
COSO Framework
The COSO Framework is a system used to establish internal controls to be integrated into business processes. Continue Reading
-
News
27 Oct 2021
Senators push for more online child privacy protections
U.S. senators expressed frustration with social media giants for not supporting specific legislation enhancing child privacy protections online. Continue Reading
-
Feature
18 Oct 2021
Litigants face tough road with antitrust lawsuits
As big tech companies like Google and Facebook fight antitrust lawsuits in court, experts are divided on whether core antitrust laws need updating for the modern economy. Continue Reading
-
Tip
12 Oct 2021
How to evaluate and select GRC vendors and tools
There is a variety of governance, risk and compliance software on the market. Learn about some of the available products and how best to evaluate GRC tools and vendors. Continue Reading
-
Feature
12 Oct 2021
Implementing an enterprise risk management framework
A well-designed ERM framework provides a playbook to avert corporate disasters, generate competitive advantages and create business opportunities. Continue Reading
-
News
30 Sep 2021
Differing data privacy polices challenge EU, US tech council
The EU-U.S. Trade and Technology Council plans to develop standards, address supply chain issues and define approaches to data governance, but the road ahead could be a bumpy one. Continue Reading
-
Guest Post
11 Aug 2021
IoT legislation device manufacturers need to know about
To avoid penalties and meet government agency requirements, IoT device manufacturers must adhere to new standards and regulations. Learn the latest here. Continue Reading
-
News
06 Aug 2021
Amazon GDPR fine signals expansion of regulatory focus
Amazon's $887 million GDPR fine likely stems from consumer consent and may indicate the EU is moving beyond data breaches and zeroing in on data practices. Continue Reading
-
Definition
17 Jun 2021
Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways financial institutions deal with the private information of individuals. Continue Reading
-
News
14 Jun 2021
Federal data privacy legislation could benefit U.S. economy
Data privacy laws are becoming part of a 'modern economy,' according to Google's Kate Charlet, director for data governance. Continue Reading
-
Tip
24 May 2021
An adequacy audit checklist to assess project performance
Adequacy audits are conducted to assess the efficacy of IT system controls and identify areas for performance or other improvements. Use this audit checklist to get started. Continue Reading
-
Feature
15 Apr 2021
Managing cybersecurity during the pandemic and in the new digital age
Roota Almeida, CISO at Delta Dental of New Jersey and Delta Dental of Connecticut, talks about the cybersecurity threats she's seen over the last year and how she's effectively managing her security team. Continue Reading
-
Definition
14 Apr 2021
compliance risk
Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting from its failure to act in accordance with industry laws and regulations, internal policies or prescribed best practices. Continue Reading
-
News
25 Feb 2021
Texas power outage flags need to revisit business continuity
Freezing conditions that caused Texas power outages affected businesses well beyond the state's borders, prompting a need for business continuity plans to be revisited. Continue Reading
-
Feature
11 Feb 2021
Changes to U.S. antitrust laws could hamper innovation
Antitrust lawsuits and regulatory proposals could have a greater impact on the technology industry than regulators expect. Expert Aurelien Portuese explains why. Continue Reading
-
Guest Post
16 Dec 2020
4 reasons to involve CISOs in mergers and acquisitions planning
As mergers and acquisitions go virtual due to COVID-19, the C-suite should include CISOs to help identify security risks, expedite cyber processes, review the new threat landscape and more. Continue Reading
-
News
10 Dec 2020
HHS proposes changes to HIPAA privacy rule
HHS wants to modify the HIPAA privacy rule to encourage better care coordination and make it easier for patients to access their health data. Continue Reading
-
Feature
24 Nov 2020
How does bureaucracy affect business? It's complicated
In his new book, 'The (Delicate) Art of Bureaucracy,' Mark Schwartz, enterprise strategist at AWS and former government bureaucrat, reveals how IT leaders can use bureaucracy to their advantage. Continue Reading
-
Tip
23 Nov 2020
How to conduct an IoT audit for compliance
To effectively prepare for and conduct an IoT audit, organizations need to understand which IT controls are in scope. Get actionable guidance on the audit process in this tip. Continue Reading
-
News
29 Oct 2020
Voting fraud technology could play role in momentous election
Vendors, academics and data scientists are developing technologies to detect irregularities in voting patterns. The turbulent U.S. election could provide fertile turf for the tools. Continue Reading
-
Guest Post
21 Oct 2020
Is your company's IT governance strategy cloud ready?
As companies prepare to migrate to the cloud, they need to review their IT governance strategy before making any decisions to ensure there won't be any issues later. Continue Reading
-
Tip
16 Oct 2020
COVID-19 jolts tech spending, spurs more flexible vendor terms
IT spending by companies in the early days of COVID-19 quickly turned to cost-cutting. Learn how vendors responded with new terms and aggressive discounting for new business. Continue Reading
-
Feature
24 Sep 2020
CMMC requirements set to ripple throughout DOD supply chain
The Department of Defense's CMMC requirements target defense contractors, but organizations throughout the DOD supply chain -- and beyond -- are prepping for the standards. Continue Reading
-
Guest Post
22 Sep 2020
Ensuring your cybersecurity teams are helping the business
Business leaders need to review how they're handling cybersecurity oversight. Are leaders asking the right questions and understanding how their cybersecurity program currently works? Continue Reading
-
Opinion
18 Sep 2020
Trump's dangerous US TikTok ban
President Trump's U.S. TikTok ban over national security is resting on a vague foundation. The concern can be applied to multiple industries and products. Continue Reading
-
Tip
02 Sep 2020
How to ensure cybersecurity and business continuity plans align
We're diving into how and why organizations should have a collection of emergency-focused plans in place that can interact with each other if a cybersecurity attack occurs. Continue Reading
-
Feature
19 Aug 2020
How to maintain cybersecurity remotely during the pandemic
In the second 2020 MIT Sloan CIO Digital Learning Series, a panel of IT security leaders discussed how they are keeping their organizations secure in a COVID-19 environment. Continue Reading
-
Tip
14 Aug 2020
How compliance provides stakeholders evidence of success
Company stakeholders know the importance of corporate compliance. Here's why gauging compliance stakeholders' expectations helps ensure regulatory processes will satisfy them. Continue Reading
-
Tip
11 Aug 2020
The 5 CMMC levels and how to achieve compliance
While the CMMC certification process is still in development, IT leaders should get familiar with the five CMMC levels and learn how to comply with the security maturity model. Continue Reading
-
Guest Post
06 Aug 2020
The contradiction of post COVID-19 risk management
Security vs. usability is always a constant struggle for security teams. The rapid change to remote access during the pandemic has forced companies to revisit their risk management approach. Continue Reading
-
Tip
27 Jul 2020
Why SLA compliance should be top of mind for IT leaders
Service-level agreements are critical to measuring agreed-upon metrics and ensuring accountability of both parties. Learn more about the importance of SLA compliance in IT. Continue Reading
-
Feature
24 Jul 2020
3 types of phishing attacks and how to prevent them
Phishing is the most common type of social engineering attack. Here is a list of the most common phishing attacks, how they wreak havoc on a business and how to protect against them. Continue Reading
-
Feature
21 Jul 2020
Where ISO certification fits in a risk mitigation strategy
Thomas Johnson explores why ISO certification helps organizations as part of their risk mitigation strategy in business continuity planning as companies adjust to the new normal. Continue Reading
-
Tip
21 Jul 2020
Why IT leaders need to be aware of deepfake security risks
While IT security leaders are not yet the target of deepfake attacks, with the increased use of AI, it's important they consider how it can be of harm to the enterprise. Continue Reading
-
Tip
15 Jul 2020
What is the Dodd-Frank voice recording rule for the swaps market?
A Dodd-Frank rule requires swaps dealers to record voice communications, which regulators designed to deter illicit financial activity and improve financial compliance. Continue Reading
-
Tip
07 Jul 2020
Prep a compliance audit checklist that auditors want to see
Think your enterprise is ready for its compliance audit? Check off key points in this compliance audit preparation checklist to ensure it has all the resources needed to help auditors do their job. Continue Reading
-
Tip
24 Jun 2020
IoT compliance standards and how to comply
To address IoT security concerns, it is critical for IT leaders to adhere to IoT compliance standards. Learn more about IoT compliance and its IT-relevant standards. Continue Reading
-
Feature
04 Jun 2020
Know how to secure your home network while working from home
Employees need to know how to properly protect their home networks as they work remotely, including setting policies for security, passwords, disaster recovery and more. Continue Reading
-
Tip
27 May 2020
Ensure IAM compliance by wielding key controls and resources
IAM compliance is a top priority for CIOs. Read up on IAM standards and regulations, and learn how to implement IAM controls to best stay compliant. Continue Reading
-
Opinion
18 May 2020
AI transparency mandates essential to protect private data
As AI use permeates industry, governments are updating laws to keep pace with the technology. AI transparency will be essential to ensure privacy and avoid risk to civil liberties. Continue Reading
-
Feature
12 May 2020
How to handle the risk of insider threats post-COVID-19
During these challenging times, organizations can't overlook the risk of insider threats as employees worry about layoffs, newly adopted remote working technology and more. Continue Reading
-
Tip
25 Mar 2020
Contract risk management: Focus on these 6 areas
Inspecting vendor contracts for risk is increasingly important as CIOs scramble to stay nimble in a volatile economy. ClearEdge Partners explains how to protect your interests. Continue Reading
-
Tip
24 Mar 2020
How to write an RFP and statement of work for an IT services contract
Master how to write an RFP and statement of work to get the IT services you need using these best practices from consulting firm ClearEdge Partners. Continue Reading
-
News
23 Mar 2020
Coronavirus pandemic ups the IT contract negotiation game
IT contract negotiation has always been a difficult dance between customers and vendors, but the coronavirus pandemic means there are new rules to navigate on both sides. Continue Reading
-
Tip
23 Mar 2020
Improve your IT contract negotiations by focusing on 5 factors
When buying technology, a bare-knuckle approach rarely succeeds. To get a good IT deal, CIOs should pay heed to five transformations driving businesses, ClearEdge's CEO says. Continue Reading
-
Tip
19 Mar 2020
Plan and implement a GRC framework with this checklist
Whether planning or updating your governance, risk and compliance program, use this guide to help simplify the initiative and successfully implement a GRC framework. Continue Reading
-
Tip
13 Mar 2020
How to negotiate a good software subscription agreement
A big mistake IT execs make in negotiating software subscription deals is overbuying. Here are seven steps from ClearEdge Partners' Rachel Annello that will lead to a better deal. Continue Reading
-
Tip
24 Jan 2020
How IoT, 5G, RPA and AI are opening doors to cybersecurity threats
In the second part of a series on CIOs preparing for cyberthreats in 2020, we look at how emerging technologies like IoT and the cloud became vulnerable to cyberattacks in the last year. Continue Reading
-
Tip
14 Jan 2020
Preparing for the new forms of cybersecurity threats in 2020
In the first part of a series on the new forms of cyberthreats in 2020, we're diving into the many infiltration points being targeted today and why CIOs should be prepared. Continue Reading
-
Feature
20 Dec 2019
Why better data visibility is necessary for your business
Lack of visibility into growing volumes of data leaves organizations at a privacy compliance and business disadvantage, but new data governance rules can help. Continue Reading
-
Feature
20 Dec 2019
In comparing GDPR and CCPA, lessons in compliance emerge
In anticipation of the CCPA Jan. 1, 2020, implementation date, business leaders should understand the parallels between GDPR and CCPA to learn from the EU's GDPR rollout period. Continue Reading
-
Feature
22 Nov 2019
GDPR compliance benefits emerge a year and a half later
While some may see GDPR as a set of restrictions, it can improve business practices. Learn more about the GDPR compliance benefits. Continue Reading
-
Feature
18 Nov 2019
IAM-driven biometrics in security requires adjustments
IAM is foundational to cybersecurity, but the latest systems use biometrics and other personal data. Learn how to cope with the resulting compliance and privacy issues. Continue Reading
-
Tip
18 Nov 2019
Biometric data privacy, ethical questions complicate modern IAM
Use of biometrics in IAM systems may help secure company systems and data, but it also raises privacy issues. Here's how to keep both your security and ethical standards high. Continue Reading
-
Feature
14 Nov 2019
Don't let edge computing security concerns derail your plans
Security concerns give many IT organizations pause when considering edge computing. But the potential problems can be overcome with proper planning and diligence. Continue Reading
-
Tip
29 Oct 2019
Regs create blueprint for industrial controls, IoT and IIoT
Protecting devices associated with industrial control systems, IoT and IIoT presents many challenges, but wide-ranging regulatory mandates can help guide cybersecurity processes. Continue Reading
-
Tip
03 Oct 2019
Challenges vs. benefits of edge computing security
Organizations moving more compute to the edges of their networks must adjust how they protect and govern their data and devices. But what should you expect along the way? Continue Reading
-
Tip
18 Sep 2019
Approach customer engagement by first asking good questions
Organizations need to align their customer strategy with their technology and know how to gather and use the right customer data when integrating all the components. Continue Reading
-
Tip
18 Sep 2019
Protect customer data with these 5 essential steps
Engagement with customers inevitably yields a trove of sensitive data. Learn the key steps you should take to stay compliant and secure in an era of virtual business. Continue Reading
-
Feature
13 Sep 2019
OT security brings new challenges in the age of IoT
We're diving into the IoT security challenges CIOs need to be aware of as a result of integrating OT devices, which often work in isolation, with IT technologies. Continue Reading
-
News
19 Aug 2019
Lack of U.S. cryptocurrency regulation invites risk
Daniel Allen explains how a lack of U.S. cryptocurrency regulation increases exploitation vulnerabilities, and shares his ideas for implementing regulatory oversight. Continue Reading
-
Tip
12 Aug 2019
New class of cloud security suite promises next-gen protection
Nemertes analyst John Burke points CIOs to a new type of cloud security offering that combines the functions of VPN, cloud firewall, secure web gateway and cloud access security broker. Continue Reading
-
Tip
16 Jul 2019
Facebook's Libra project -- why enterprises should prepare
Facebook's foray into cryptocurrency is setting off alarm bells in government and finance circles. The question is how could the Libra project help the enterprise? Continue Reading
-
Tip
16 Jul 2019
Ransomware attacks: How to get the upper hand
Ransomware attacks are on the rise. Can organizations play like Radiohead and refuse to pay? The answer from security experts is a qualified yes. Continue Reading