Risk management and governance
With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.
Top Stories
-
News
19 Dec 2024
Congress weighs Trump's approach to antitrust enforcement
Under the incoming Trump administration, antitrust enforcement might shift to one agency in a move some believe will streamline cases and improve efficiency. Continue Reading
-
News
11 Dec 2024
How AI agents are the next wave of generative technology
As agentic technology grows more popular, some are optimistic about what appears to be the next phase of AI. However, there are concerns about the tasks agents are doing. Continue Reading
-
Tip
18 Sep 2019
Protect customer data with these 5 essential steps
Engagement with customers inevitably yields a trove of sensitive data. Learn the key steps you should take to stay compliant and secure in an era of virtual business. Continue Reading
-
Feature
13 Sep 2019
OT security brings new challenges in the age of IoT
We're diving into the IoT security challenges CIOs need to be aware of as a result of integrating OT devices, which often work in isolation, with IT technologies. Continue Reading
-
News
19 Aug 2019
Lack of U.S. cryptocurrency regulation invites risk
Daniel Allen explains how a lack of U.S. cryptocurrency regulation increases exploitation vulnerabilities, and shares his ideas for implementing regulatory oversight. Continue Reading
-
Tip
12 Aug 2019
New class of cloud security suite promises next-gen protection
Nemertes analyst John Burke points CIOs to a new type of cloud security offering that combines the functions of VPN, cloud firewall, secure web gateway and cloud access security broker. Continue Reading
-
Tip
16 Jul 2019
Facebook's Libra project -- why enterprises should prepare
Facebook's foray into cryptocurrency is setting off alarm bells in government and finance circles. The question is how could the Libra project help the enterprise? Continue Reading
-
Tip
16 Jul 2019
Ransomware attacks: How to get the upper hand
Ransomware attacks are on the rise. Can organizations play like Radiohead and refuse to pay? The answer from security experts is a qualified yes. Continue Reading
-
Tip
13 Jun 2019
4 steps to remain compliant with SOX data retention policies
Data retention policy is inherent to Sarbanes-Oxley Act compliance. In this tip, learn SOX data retention best practices to remain regulatory compliant. Continue Reading
-
Feature
24 May 2019
Compliance rules usher in new era for personal data privacy policy
With the rollout of data privacy regulations, individual data rights and the right to be forgotten are forcing organizations to re-examine how they handle customer information. Continue Reading
-
News
21 May 2019
Surveillance technology under fire, amid growing societal concerns
As San Francisco halts city use of facial recognition technology, CIOs could see more regulatory actions against surveillance technology -- and more limits on their use of data. Continue Reading
-
News
17 May 2019
Trump's move to ban Huawei a wake-up call for IT execs
The Trump administration's move to effectively ban Huawei products from U.S. networks has big implications for IT execs in charge of supply chain sourcing and security. Continue Reading
-
Feature
30 Apr 2019
EU GDPR terms to know
Compliance regulations can be complicated to follow, particularly in the new age of data privacy. Here's a breakdown of the must-know terms for companies who are subject to GDPR. Continue Reading
-
Feature
24 Apr 2019
State data privacy laws, regulations changing CISO priorities
Attorney and IT security expert Scott Giordano discusses how the growing number of state data privacy laws are changing CISOs' information management role. Continue Reading
-
Feature
14 Mar 2019
AI security tech is making waves in incident response
Experts weigh in on the latest smart cybersecurity tools -- how they work, the implications for your IT security team and whether the investment is worth the expense. Continue Reading
-
Tip
18 Feb 2019
How AI cybersecurity thwarts attacks -- and how hackers fight back
IT leaders are using AI to take security to the next level. But how much security can AI provide? David Petersson examines where AI cybersecurity excels and how it can be fooled. Continue Reading
-
Feature
31 Dec 2018
Learning from 2018 cybersecurity incidents: Perform due diligence
Cybersecurity incidents continued to plague companies in 2018. Experts weigh in on the lessons learned and consumer responses to the largest information security breaches of the year. Continue Reading
-
Answer
21 Dec 2018
What role does machine learning play in the threat hunting process?
Fidelis Cybersecurity president and CEO Nick Lantuh discusses threat hunting best practices, including machine learning's role in corporate data protection. Continue Reading
-
Feature
19 Dec 2018
2018 articles spotlight innovation's cybersecurity and compliance risk
The top 2018 cybersecurity and compliance articles make a few things clear: digitization increases risk and requires innovative strategies to protect against evolving data threats. Continue Reading
-
Answer
14 Dec 2018
What's the difference between SLO vs. SLA?
Often used interchangeably, the terms SLO and SLA are not the same. Find out the key attributes of each and why each is important for managing service providers. Continue Reading
-
Blog Post
30 Nov 2018
Include dark web security strategies to strengthen security framework
As dark web security threats rise, enterprises should begin incorporating strategies to understand and implement dark web cyber-security measures. Continue Reading
-
Feature
30 Nov 2018
The future of data security threats and protection in the enterprise
The future of data security faces new threats at an ever-increasing rate. Read one expert's advice on having a data security strategy to assess and manage enterprise data security. Continue Reading
-
Tip
26 Nov 2018
4 cloud-based e-discovery strategies to target containerized data
A cloud migration requires evaluating any existing information governance programs. E-discovery in the cloud and for container-based data platforms requires a detailed strategy. Continue Reading
-
Tip
26 Nov 2018
E-discovery in the cloud introduces security, compliance issues
E-discovery is still reliable for organizing and preserving data for legal compliance, but e-discovery in the cloud and container-based storage complicate governance processes. Continue Reading
-
News
21 Nov 2018
Backer says U.S. Internet Bill of Rights will not follow EU model
Rep. Ro Khanna is on a mission to pass regulation that would shore up data privacy rights. But he's not looking to Europe's 'overprescriptive' approach for inspiration. Continue Reading
-
Answer
09 Nov 2018
How can enterprises benefit from automation in security?
Tufin Technical Director Joe Schreiber highlights how automating security operations can benefit an organization and discusses best practices for effective implementation. Continue Reading
-
News
31 Oct 2018
HBS panel discusses regulating social media platforms
At Harvard Business School's recent Tech Conference 24, three panelists discussed the potential need for regulating social media platforms by an independent, quasi-governmental system. Continue Reading
-
News
31 Oct 2018
Gartner Symposium 2018: 6 emerging trends in security
At Gartner Symposium 2018, analyst Peter Firstbrook highlighted the emerging trends in security that cybersecurity pros -- and their employers -- need to prep for in the next year. Continue Reading
-
Blog Post
31 Oct 2018
Will acquiring a cybersecurity company fix Facebook's security woes?
Earlier this month I wrote about lessons businesses can learn from the Facebook data breach that affected millions of users. News has now surfaced that Facebook is rumored to be shopping for a ... Continue Reading
-
Blog Post
30 Oct 2018
Cook's call: Put federal data privacy law in the spotlight
Federal data privacy law mandates have long been anathema to tech industry leaders, but Apple CEO Tim Cook's call for regulation could serve as a rallying cry for advocates of consumer's ... Continue Reading
-
News
24 Oct 2018
Cybersecurity culture: Arrow in CIOs' quiver to fight cyberthreats
Who should own your cybersecurity culture? How can we protect rampant IoT devices? MIT Sloan researchers clued CIOs into their latest research at Tuesday's SIM Boston Summit. Continue Reading
-
News
22 Oct 2018
ISSA International Conference 2018: Implement DoD-level security
The ISSA International 2018 Conference offers solutions for complicated privacy risks, and consultant Jeffrey Man counsels execs to take the DoD's approach to security maintenance. Continue Reading
-
News
04 Oct 2018
Lessons learned from the Facebook security breach
As details about the Facebook data breach continue to emerge, experts sound off on what companies can do to secure what has become a prime target for hackers: user account data. Continue Reading
-
Feature
02 Oct 2018
Sunkist Growers reaps the benefits of managed disaster recovery services
Sunkist Growers turned to DRaaS to make its disaster recovery options more practical for the company and its employees. But while the market is maturing, it might not work for all businesses. Continue Reading
-
News
13 Sep 2018
Federal privacy regulations usher in the age of tech lawmakers
Big tech and privacy advocates are lobbying for dramatically different federal data privacy rights. CIOs should pay attention to whom -- and what -- the legislation seeks to regulate. Continue Reading
-
Tip
12 Sep 2018
4 GDPR strategy tips to bring IT processes up to speed
The GDPR deadline has long passed, but U.S. companies remain behind on compliance. Experts provide GDPR compliance tips to make sure IT is on the right side of the privacy rules. Continue Reading
-
Tip
31 Aug 2018
Overcoming multi-cloud's risks, regulatory compliance challenges
Companies adopting multi-cloud data management models face numerous regulatory compliance challenges, but IT governance strategies are helping them protect disparate information. Continue Reading
-
Feature
31 Aug 2018
Survey: IT leaders invest to improve cybersecurity, compliance
As companies outgrow dated data protection and compliance management systems, IT leaders are making an investment in cybersecurity to avoid risk and stare down regulatory mandates. Continue Reading
-
Blog Post
29 Aug 2018
Cybersecurity education: North Dakota preps future workforce
North Dakota's CIO is behind a cybersecurity education program that aims to get the state's students up to speed on the essentials of IT security. Continue Reading
-
Feature
24 Aug 2018
Mandates create new GDPR roles, processes for compliant companies
As companies tweak IT processes to maintain General Data Protection Regulation compliance, the regulation raises questions about new, privacy-centric GDPR roles and responsibilities. Continue Reading
-
Feature
24 Aug 2018
Legal 'gray areas' holding back GDPR compliance program maturity
The regulation has been in place for months, but many companies are still behind with their GDPR compliance programs. Will it take a major violation to get companies to pay attention? Continue Reading
-
Feature
21 Aug 2018
Implementing machine learning to keep Facebook user data safe
Facebook Director of Security Aanchal Gupta shares how the social media giant is implementing machine learning in security to ensure user data is safe on its platform. Continue Reading
-
Feature
17 Aug 2018
5 strategies to address the GDPR data management conundrum
As IT executives continue to wrap their heads around GDPR, strategies are emerging to ease its data management compliance burden. Here are five that are already proving effective. Continue Reading
-
Feature
17 Aug 2018
Facebook cybersecurity: How the company is building a diverse team
Facebook director of security Aanchal Gupta sounds off on the need for diverse security teams and gives an overview of how the social media giant is working to make it happen. Continue Reading
-
Feature
16 Aug 2018
How to scale security: An inside look at how Facebook does it
Facebook director of security Aanchal Gupta sounds off on how the social media giant uses automation to scale security and highlights its best practices and key focus areas. Continue Reading
-
News
10 Aug 2018
Improving CISO-board communication: Partnership, metrics essential
With data breaches threatening the bottom line, CISO-board partnership is crucial. A new report by Kudelski Security looks at how to improve security communication with the board. Continue Reading
-
Blog Post
07 Aug 2018
Machine learning, AI in security: Advancing the cybersecurity landscape
More companies today are investing in AI-based cybersecurity technology to speed up incident detection and response, to better identify and communicate risk to the business, and to gain a better ... Continue Reading
-
Blog Post
31 Jul 2018
Cybersecurity trend watch: The power of data
It's no secret that data equals power in the digital marketplace, making strategies to protect that data a valuable business asset. The fast pace of IT advancement also makes the cybersecurity ... Continue Reading
-
Blog Post
31 Jul 2018
Cybersecurity trend watch: Data protection's business influence
As business leaders continue to realize the bottom line value of data protection, the cybersecurity market is already ripe for disruption. At the Gartner Security & Risk Management Summit in ... Continue Reading
-
Feature
24 Jul 2018
McAfee CISO: The importance of a strong cybersecurity culture
For McAfee CISO Grant Bourzikas, building a strong cyberdefense culture is essential because employees are the first line of defense to avoid rapidly evolving cybersecurity risks. Continue Reading
-
Feature
24 Jul 2018
McAfee CISO: Leadership buy-in essential to boost cybersecurity
As online risks continue to evolve, making sure company leadership buys in to efforts to improve cybersecurity posture has become essential, says McAfee CISO Grant Bourzikas. Continue Reading
-
News
22 Jun 2018
Herjavec: Cybersecurity investment now a priority for CEOs, boards
How did Robert Herjavec, CEO of a global IT security firm and star of ABC's 'Shark Tank,' know cybersecurity was gaining traction? He started getting meetings with the C-suite. Continue Reading
-
Answer
08 Jun 2018
How can companies protect against ransomware in the cloud?
When it comes to ransomware attacks, cloud storage is not foolproof. CyberSight's Hyder Rabbani offers tips about how to address cloud ransomware threats. Continue Reading
-
News
31 May 2018
Enterprise cybersecurity strategy: What a CIO needs to know
Digital transformation is leaving businesses exposed to more cyberattacks. At the MIT Sloan CIO Symposium, panelists explain how much cybersecurity expertise is expected of CIOs. Continue Reading
-
Tip
31 May 2018
GDPR and AI: Data collection documentation essential to compliance
It's important to remember that artificial intelligence data and AI algorithms must hold up against GDPR regulations. Here's where GDPR and AI intersect and what CIOs can do to remain compliant. Continue Reading
-
Feature
29 May 2018
Enterprise data encryption: Preparing for a post-quantum future
With the race toward quantum computing underway, interest in post-quantum encryption is growing. ISACA's Rob Clyde explains how CIOs and CISOs can get up to speed. Continue Reading
-
Feature
29 May 2018
The time to think about post-quantum cryptography is now
Rob Clyde, chairman-elect of ISACA's board of directors, worries a lot about the world according to qubits. He explains why here -- and why post-quantum cryptography should matter to CIOs. Continue Reading
-
Feature
21 May 2018
CISO careers: Several factors propel high turnover
The average CISO tenure is approximately 24 to 48 months. Kudelski Security's John Hellickson discusses factors driving the high turnover rate and how to improve job satisfaction. Continue Reading
-
Feature
14 May 2018
CISO soft skills in demand as position evolves into leadership role
Cybersecurity industry veteran Joan Pepin discusses how the evolution of the CISO role has made soft skills essential to thrive in the information security field. Continue Reading
-
News
11 May 2018
Force multipliers in cybersecurity: Augmenting your security workforce
During his RSA conference keynote, IBM Security's van Zadelhoff highlighted cybersecurity's top three force multipliers and explained best practices to deploy them. Continue Reading
-
Feature
09 May 2018
CISO: Data integrity and confidentiality are 'pillars' of cybersecurity
When it comes to protecting online info, one cybersecurity veteran says the role of a CISO is to first incorporate processes that maintain data integrity and confidentiality. Continue Reading
-
News
04 May 2018
Corporate IT rebrands its modern role: Reduce complexity
The days of corporate IT as a back-end function with its practitioners relegated to the basement are long over. But IT strategy in 2018 has its own host of challenges. Continue Reading
-
News
30 Apr 2018
Security awareness programs that work against human nature will fail
Security awareness programs should take into account that humans are basically 'lazy, social, creatures of habit,' said KnowBe4's Perry Carpenter at the CIO Boston Summit. Here are three tips. Continue Reading
-
News
30 Apr 2018
Top 2018 cybersecurity trends to watch out for
A glance at IT news shows cybersecurity trends remain on companies' radar. At the CIO Boston Summit, Cybereason's Jessica Stanford discussed steps to defend against risk. Continue Reading
-
Blog Post
27 Apr 2018
Vulnerability management programs need an upgrade for the cloud era
Gone are the days of simple, easily secured corporate networks. The proliferation of cloud computing, virtualization and containers means that the network is changing constantly, said Nate Palanov, ... Continue Reading
-
News
20 Apr 2018
Juniper CEO Rahim stresses cybersecurity training, automation at RSA 2018
During his RSA Conference keynote, Juniper CEO Rami Rahim encouraged leaders to be "agents of change" that embrace automation in cybersecurity and new training techniques. Continue Reading
-
Feature
17 Apr 2018
Tackling security debt: The role of risk register, patch management
In this Q&A, Akamai's Dave Lewis offers pointers on how to address security debt and also discusses how organizations can avoid incurring such debt. Continue Reading
-
Feature
13 Apr 2018
Lacking data management processes holds back digital business
The business fallout of poor data management processes goes well beyond security and privacy implications. Evident IT CEO David Thomas explains in this SearchCompliance Q&A. Continue Reading
-
Answer
11 Apr 2018
How do attackers build and use phishing kits?
With attackers looking to maximize their ROI, they are employing what is called a phishing kit to run scam campaigns. In this Ask the Expert, learn how such kits are built. Continue Reading
-
Feature
06 Apr 2018
Crypto-agility: Strategies and best practices to get there
Staying crypto-agile is vital for data security. Venafi's Paul Turner discusses how to establish crypto-agility and the need for creating an inventory of cryptographic assets. Continue Reading
-
Blog Post
30 Mar 2018
Cyber awareness program: How one CISO became a believer
It took a nation-state attack for Alan Levine to realize the importance of implementing a cyber awareness program. "I believed that cyber awareness training was useless because I believed my users ... Continue Reading
-
Tip
30 Mar 2018
How to overcome multi-cloud disaster recovery challenges
As multi-cloud environments proliferate, data backup and recovery tech is essential. Here's how to assess enterprise multi-cloud disaster recovery capabilities -- and limitations. Continue Reading
-
Feature
30 Mar 2018
FAQ: How is digitization influencing SEC compliance priorities?
As online trading and digital finance becomes the norm, updated SEC compliance regulations target these transactions in an effort to improve digital asset security. Continue Reading
-
Feature
29 Mar 2018
From phishing attempt circumvention to AI, new CIO has a big job
As the new CIO at Snow Software, Alastair Pooley is taking on a range of priorities, from helping the business to recognize a phishing attempt to exploring AI for customer support. Continue Reading
-
Feature
23 Mar 2018
Cybersecurity skills gap: Get creative about cyber hiring
Hiring candidates from disciplines beyond infosec can go a long way to address the widening cybersecurity skills gap, says industry veteran Javvad Malik. Continue Reading
-
Answer
20 Mar 2018
How can the CISO become a business enabler?
For a cybersecurity program to be effective, CISOs must be viewed as business enablers. Kudelski Security's John Hellickson offers tips on how CISOs can make the transformation. Continue Reading
-
Feature
19 Mar 2018
Cybersecurity trend forecast: Streamlined, simplified security
In this SearchCIO Q&A, Javvad Malik discusses why streamlining infosec processes is becoming a top cybersecurity trend and how new tech influences the infosec industry. Continue Reading
-
News
16 Mar 2018
Ex-Equifax CIO's insider trading indictment a red flag for IT execs
A former Equifax CIO has been indicted for insider trading following the company's 2017 data breach. Will it force IT execs to reexamine the importance of proper breach response? Continue Reading
-
Blog Post
15 Mar 2018
AI's exponential curve: More from my interview with ISACA's Rob Clyde
I recently talked about the use of AI in the enterprise with Rob Clyde, vice chairman of the board of directors at ISACA, an organization focused on IT governance. The conversation focused on a new ... Continue Reading
-
News
15 Mar 2018
ISACA: Build security into artificial intelligence hardware
A new paper on how to fight off malicious AI recommends adding security features to AI chips. ISACA's Rob Clyde explains why that's a good idea. Continue Reading
-
News
15 Mar 2018
Companies ill-equipped to combat malicious AI
Companies are on the precipice of being attacked by malicious AI but lack the skills and tools needed to put up a basic defense, according to ISACA's Rob Clyde. Continue Reading
-
News
06 Mar 2018
IBM's cloud strategy homes in on developers
To boost its profile in IaaS, IBM's cloud strategy has shifted focus from CIOs to developers. Whether the multipronged appeal to developers will pan out remains an open question. Continue Reading
-
Blog Post
28 Feb 2018
Quest for resilience turns up ransomware backup strategy
Waste Industries found an unexpected benefit in a software project that aimed to make data always available: a ransomware backup strategy. Continue Reading
-
Blog Post
28 Feb 2018
AI attacks are coming soon to a network near you
The rapid development of artificial intelligence and machine learning is a double-edged sword. The technologies are becoming cheaper and easier to apply to the enterprise, which is also making it ... Continue Reading
-
Blog Post
28 Feb 2018
Unlockable iPhones, leaked code among Apple's security woes
Security on Apple devices might not be as impenetrable as many thought. Forbes reported this week that Cellebrite, an Israel-based vendor and major U.S. government contractor, is now able to unlock ... Continue Reading
-
Blog Post
28 Feb 2018
Survey: Attorneys still lack proficiency in e-discovery technology
E-discovery technology has become an integral -- and essential -- element of the modern legal process, but a new report suggests attorneys are still struggling to embrace the technology. A survey ... Continue Reading
-
Feature
28 Feb 2018
New tech creates new attack vectors, cybersecurity vulnerabilities
CISO John Germain explains how tech like AI and IoT are revolutionizing business -- and creating new cybersecurity vulnerabilities as data protection is left on the back burner. Continue Reading
-
Answer
28 Feb 2018
Is end user training essential to data loss prevention program success?
Regulations like the GDPR promise to enforce stricter data protection rules. While a data loss prevention program can help, it requires end-user training to ease adoption. Continue Reading
-
News
27 Feb 2018
DLP implementation: Partner with the business for success
Data loss prevention strategies help prevent unauthorized disclosure of sensitive information. For a DLP strategy to be successful, however, business-wide buy-in is required. Continue Reading
-
Feature
27 Feb 2018
Tech, growing data sets complicate enterprise cybersecurity strategy
Emerging tech has grown companies' data sets and made IT environments increasingly complex. As IT capabilities evolve, enterprise cybersecurity strategy is struggling to keep up. Continue Reading
-
Blog Post
26 Feb 2018
DTIM platform: New weapon against digital threats?
Digital threats pose a big challenge for organizations today, and cybercrime groups are only getting better at achieving their goals: In 2016, nearly one billion personal records and over one ... Continue Reading
-
Feature
23 Feb 2018
Cybersecurity's shortage of skills leaves IT projects vulnerable
A recent study found that as IT projects proliferate, cybersecurity's shortage of skills is leaving tech vulnerable. Analyst and study author Jon Oltsik explains in this Q&A. Continue Reading
-
Podcast
23 Feb 2018
Relentless AI cyberattacks will require new protective measures
AI cyberattacks won't be particularly clever; instead, they'll be fast and fierce. Carnegie Mellon University's Jason Hong explains in this episode of 'Schooled in AI.' Continue Reading
-
Answer
22 Feb 2018
Tech vs. training: Where should business focus cybersecurity spending?
As information security budgets grow, cybersecurity spending needs to be focused on employee-centric areas like training to be effective. ISSA's Candy Alexander explains why. Continue Reading
-
News
19 Feb 2018
GRC professionals: Regs, big data, cloud top IT priorities 2018
Regulatory initiatives remain at the top of GRC pros' lists of tech projects, according to TechTarget's annual IT Priorities 2018 survey, but grab less attention than last year. Continue Reading
-
Tip
19 Feb 2018
How to prep for the GDPR breach notification rule
As companies prep for GDPR compliance, its breach notification rule is making waves. Csaba Krasznay, security evangelist at Balabit, discusses how to prep for Article 33 of GDPR. Continue Reading
-
News
16 Feb 2018
CISO responsibilities: Building a mission-based cybersecurity program
'Vanquish the enemy you can see ... then prepare for the next engagement.' Brooks Brothers' Phillip Miller gives fellow CISOs new ways to think about a cybersecurity program. Continue Reading
-
Blog Post
09 Feb 2018
Being Cyber Essentials certified will help prep for GDPR
With enforcement of the EU General Data Protection Regulation (GDPR) in the offing, organizations are busy preparing for a new era in privacy regulation. But UK companies that are Cyber Essentials ... Continue Reading
-
Tip
01 Feb 2018
RM principles should guide compliance management system development
Regulatory agencies offer broad guidance for compliance management system development, but companies may be best served by referring to widely accepted risk management principles. Continue Reading
-
News
31 Jan 2018
Law firm: Trump administration policies may reshape IT outsourcing
Trump administration policies on the H-1B visa program for foreign workers and 'political uncertainty' may accelerate the move to the cloud in 2018, a Mayer Brown attorney says. Continue Reading
-
News
31 Jan 2018
Ransomware outbreak threat calls for backup and DR strategy
IT departments deploy a range of data restore approaches to mitigate the risk of a debilitating ransomware attack. Time is of the essence, however. Continue Reading
-
News
30 Jan 2018
In 2018, legal tech trends attest to power of data
Data becomes paramount, worldwide laws may call for contractual changes and the demand for digital services is prompting a litigation shift, according to law firm Mayer Brown. Continue Reading