Risk management and governance
With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.
Top Stories
-
News
04 Feb 2025
U.S. tariffs could stymie executives' product decisions
As trade tensions escalate, business leaders will be faced with tough decisions about product sourcing moving forward.
By Makenzie Holland, Senior News Writer
-
News
04 Feb 2025
Assessing if DeepSeek is safe to use in the enterprise
The AI vendor has found popularity with its reasoning model. However, based on geopolitical tensions and safety tests, there are questions about whether enterprises should use it.
By Esther Shittu, News Writer
-
Blog Post
28 Feb 2018
Survey: Attorneys still lack proficiency in e-discovery technology
E-discovery technology has become an integral -- and essential -- element of the modern legal process, but a new report suggests attorneys are still struggling to embrace the technology. A survey ...
By Ben Cole, Executive Editor
-
Feature
28 Feb 2018
New tech creates new attack vectors, cybersecurity vulnerabilities
CISO John Germain explains how tech like AI and IoT are revolutionizing business -- and creating new cybersecurity vulnerabilities as data protection is left on the back burner.
By Ben Cole, Executive Editor
-
Answer
28 Feb 2018
Is end user training essential to data loss prevention program success?
Regulations like the GDPR promise to enforce stricter data protection rules. While a data loss prevention program can help, it requires end-user training to ease adoption.
-
News
27 Feb 2018
DLP implementation: Partner with the business for success
Data loss prevention strategies help prevent unauthorized disclosure of sensitive information. For a DLP strategy to be successful, however, business-wide buy-in is required.
-
Feature
27 Feb 2018
Tech, growing data sets complicate enterprise cybersecurity strategy
Emerging tech has grown companies' data sets and made IT environments increasingly complex. As IT capabilities evolve, enterprise cybersecurity strategy is struggling to keep up.
-
Blog Post
26 Feb 2018
DTIM platform: New weapon against digital threats?
Digital threats pose a big challenge for organizations today, and cybercrime groups are only getting better at achieving their goals: In 2016, nearly one billion personal records and over one ...
-
Feature
23 Feb 2018
Cybersecurity's shortage of skills leaves IT projects vulnerable
A recent study found that as IT projects proliferate, cybersecurity's shortage of skills is leaving tech vulnerable. Analyst and study author Jon Oltsik explains in this Q&A.
-
Podcast
23 Feb 2018
Relentless AI cyberattacks will require new protective measures
AI cyberattacks won't be particularly clever; instead, they'll be fast and fierce. Carnegie Mellon University's Jason Hong explains in this episode of 'Schooled in AI.'
By Nicole Laskowski, Senior News Director
-
Answer
22 Feb 2018
Tech vs. training: Where should business focus cybersecurity spending?
As information security budgets grow, cybersecurity spending needs to be focused on employee-centric areas like training to be effective. ISSA's Candy Alexander explains why.
-
News
19 Feb 2018
GRC professionals: Regs, big data, cloud top IT priorities 2018
Regulatory initiatives remain at the top of GRC pros' lists of tech projects, according to TechTarget's annual IT Priorities 2018 survey, but grab less attention than last year.
By Ben Cole, Executive Editor
-
Tip
19 Feb 2018
How to prep for the GDPR breach notification rule
As companies prep for GDPR compliance, its breach notification rule is making waves. Csaba Krasznay, security evangelist at Balabit, discusses how to prep for Article 33 of GDPR.
-
News
16 Feb 2018
CISO responsibilities: Building a mission-based cybersecurity program
'Vanquish the enemy you can see ... then prepare for the next engagement.' Brooks Brothers' Phillip Miller gives fellow CISOs new ways to think about a cybersecurity program.
-
Blog Post
09 Feb 2018
Being Cyber Essentials certified will help prep for GDPR
With enforcement of the EU General Data Protection Regulation (GDPR) in the offing, organizations are busy preparing for a new era in privacy regulation. But UK companies that are Cyber Essentials ...
-
Tip
01 Feb 2018
RM principles should guide compliance management system development
Regulatory agencies offer broad guidance for compliance management system development, but companies may be best served by referring to widely accepted risk management principles.
By Mark T. Dabertin, Pepper Hamilton LLP
-
News
31 Jan 2018
Law firm: Trump administration policies may reshape IT outsourcing
Trump administration policies on the H-1B visa program for foreign workers and 'political uncertainty' may accelerate the move to the cloud in 2018, a Mayer Brown attorney says.
By Jason Sparapani, TechTarget
-
News
31 Jan 2018
Ransomware outbreak threat calls for backup and DR strategy
IT departments deploy a range of data restore approaches to mitigate the risk of a debilitating ransomware attack. Time is of the essence, however.
By John Moore, Industry Editor
-
News
30 Jan 2018
In 2018, legal tech trends attest to power of data
Data becomes paramount, worldwide laws may call for contractual changes and the demand for digital services is prompting a litigation shift, according to law firm Mayer Brown.
By Jason Sparapani, TechTarget
-
Tip
19 Jan 2018
IT areas of focus in 2018 include outcome-based security services, data lakes
Rahul Singh, managing director at IT outsourcing advisory Pace Harmon, dissects the 2018 trends in three important IT areas for CIOs.
By Rahul Singh
-
Blog Post
15 Jan 2018
For CFOs, cybersecurity investments become a priority
Cybersecurity is no longer just an IT problem; it's a cross-functional priority for the enterprise. As cyberattacks and cyber risk continue to swell, the cybersecurity consciousness among the ...
-
Feature
14 Aug 2017
Mitigating security risks posed by emerging tech: Expert advice
Companies are in hot pursuit of the benefits offered by cutting-edge technologies, but mitigating security risks often gets scant attention. CIOs need to change that. Here's how.
-
News
28 Jul 2017
No code platform: Verité manages big projects via Quick Base
Verité, a non-profit organization focusing on labor conditions in international supply chains, turned to a no code product to boost efficiency and manage complex projects.
By John Moore, Industry Editor
-
Tip
12 Jun 2017
Data asset curation: The guidelines to determine information usability
Keeping track of existing data assets is increasingly difficult, but detailed curation of this vital company information can help streamline evolving digital governance processes.
By David Loshin, Knowledge Integrity Inc.
-
Video
25 Aug 2016
The difference between pipe and platform business models
Sangeet Paul Choudary, founder and CEO at advisory and research firm Platformation Labs, explains the difference between platform business models and traditional pipe models.
By Christian Stafford, Editorial Assistant
-
Tip
03 Aug 2016
Aligning IT and compliance procedures increasingly a business priority
Companies' regulatory management and tech teams often still operate independently, but businesses are starting to recognize the benefits of IT and compliance procedure alignment.
By Kevin McDonald, Alvaka Networks
-
Tip
28 Apr 2016
Without IT process documentation, companies risk being held 'hostage' by IT
As cybersecurity breaches surge, it's important that company leadership know what IT is up to. Kevin McDonald explains why IT process documentation is a must-have best practice.
By Kevin McDonald, Alvaka Networks
-
Tip
08 Jan 2016
The steps to effective cybersecurity incident response
Planning and foresight are essential to any cybersecurity incident response plan. Follow these steps to make sure you're ready for a data breach.
By Kevin McDonald, Alvaka Networks
-
Tip
07 Jan 2016
How to test your DR/BC plan
Woe to the IT organization that hasn't taken its DR/BC plan out for a spin. The right kind of testing will close the gaps and save IT and the business a lot of grief.
By Niel Nickolaisen, O.C. Tanner Co.
-
Tip
29 Sep 2015
How to govern your IT outsourcing provider after the ITO deal is done
The best ITO deals need tweaking as time goes on. Good governance ensures that you and your IT outsourcing provider are on the same page.
By Linda Tucci, Industry Editor -- CIO/IT Strategy
-
Tip
10 Mar 2015
Staff shortage impacted by security and compliance skills demand
The data threat landscape has forced companies to rethink hiring processes before a staff shortage negatively impacts security and compliance.
By Jeff Jenkins, Travelport
-
Definition
20 Feb 2015
agreed-upon procedures (AUP)
Agreed-upon procedures are the standards a company or client outlines when it hires an external party to perform an audit on specific tests or business processes and then report on the results.
By Ben Cole, Executive Editor
-
Tip
03 Oct 2014
SOX compliance reliant on data governance strategy, with IT support
SOX compliance hinges on an effective data governance strategy, but much-needed help is available from information technology tools and processes.
By Harvey R. Koeppel, Pictographics Inc.
-
News
31 Jul 2014
The benefits and drawbacks of regulatory compliance automation
Increasingly complicated compliance mandates have led some businesses to implement automated processes to save resources. Participants in July's #GRCChat said compliance automation can assist data management, but also warned of unintended consequences.
By SearchCompliance.com Staff
-
News
24 Jul 2014
What to include in a post-DR-test after-action review
What should go into your organization's after-action review following a disaster recovery test? #CIOChat participants suggest what to include in the report and why.
By Emily McLaughlin, Coravin
-
Tip
09 Jul 2014
Three steps to keep IT policies and procedures regulatory compliant
Corporate compliance and risk management expert Jeffrey Jenkins shares how he ensures IT policies and procedures remain in sync with current compliance regulations.
By Jeff Jenkins, Travelport
-
Feature
24 Jun 2014
Can automated segregation of duties benefit regulatory compliance?
In this feature, Michael Rasmussen explains why automated SoD reduces compliance costs as well as the potential for fraud and lawsuits.
By Ben Cole, Executive Editor
-
Tip
18 Nov 2013
Preparation underway for Dodd-Frank conflict mineral disclosures
Dodd-Frank conflict mineral provisions create new disclosure rules for public companies. In this tip, learn how to prepare for the regulations.
By William Newman, SAP
-
Tip
13 Nov 2013
CIO tip: Learn how to present a risk-management plan to the board
CIO tip: Companies are getting serious about risk management plans -- and leaning on CIOs to help them.
-
Tip
22 Oct 2013
Three strategies to align organizational compliance and security goals
Compliance and security departments sometimes have an adversarial relationship, but organizations can benefit from aligning their strategic goals.
By Ed Moyle, SecurityCurve
-
Feature
30 Jul 2013
All aboard: CIO wins the battle, initiates centralized IT organization
Our SearchCIO IT Leader of the Year Award winner, CIO Eric Hawley, explains how he built a centralized IT environment -- starting with listening.
-
Opinion
12 Jun 2013
The GRC maturity model and value proposition
In this CIO Matters column, Harvey Koeppel takes a look at the GRC maturity model and how CIOs can turn risk management into business value.
By Harvey R. Koeppel, Pictographics Inc.
-
Tip
28 Feb 2013
Four steps to defining and articulating the role of risk management
Risk management programs are under pressure from all quarters. Here are four steps to defining and articulating the role of risk management.
By Chris McClean, Forrester Research
-
Definition
01 Feb 2013
business continuity management (BCM)
Business continuity management (BCM) is a framework for identifying an organization's risk of exposure to internal and external threats.
-
Tip
01 Nov 2012
Free IT organizational structure chart templates for the CIO
Use these free IT organizational structure chart templates to illustrate the relationships and hierarchy between various IT roles in your enterprise.
-
News
23 Apr 2012
ISACA: Update to COBIT 5 governance framework maximizes IT assets
ISACA’s update to its popular COBIT 5 framework incorporates a business-wide approach the organization says helps enterprises maximize their information and technology assets.
By Ben Cole, Executive Editor
-
Tip
02 Mar 2012
Is your SaaS system in line with SOX compliance requirements?
A SaaS vendor can provide many benefits, but adhering to SOX compliance requirements remains a concern. Here’s help to stay compliant when using Software as a Service.
By Curt Finch, Contributor
-
Tutorial
03 Oct 2011
FAQ: Four criteria for an effective IT innovation strategy
In this FAQ, IT executives share four ways to kick-start and manage an IT innovation strategy that drives business value and transformation.
By SearchCIO.com Staff
-
Tip
16 Aug 2011
How protecting against the OWASP Top 10 helps prevent compliance risk
Mapping security processes to protect against the OWASP Top 10 could ease Web application vulnerabilities and help some companies stay compliant.
By Ed Adams, Contributor
-
Quiz
15 Aug 2011
Test your social media risk management IQ: A SearchCompliance.com quiz
Proliferating social networks have cast a spotlight on social media risk management. Take our quiz to find out if you are up to speed on social media.
By SearchCompliance.com Staff
-
Definition
07 Mar 2011
control framework
A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.
-
Tip
10 Dec 2010
AML compliance and money service businesses
Money service businesses are a growing part of the financial services industry, but compliance with anti-money laundering regulations is critical.
By Dan Fisher, Contributor
-
Feature
17 Jun 2010
FAQ: GARP and how it helps you achieve better information governance
Many organizations do not have an information governance structure that works with defined record-keeping principles that ensures accountability. GARP may be your answer.
By SearchCompliance.com Staff
-
Tip
06 Oct 2009
Threat management for information systems relies on categorization
Every information system faces threats, but not all threats should be treated equally. ISO 27005 offers a guide on how to categorize threats to your organization.
By Steven Ross, Risk Masters, Inc.
-
News
06 Oct 2009
GPS devices, geolocation data create privacy, security risks
Emerging technologies that allow users to broadcast geographic locations raise many issues for companies and CIOs, while legislatures and the FTC consider legal aspects.
By Linda Tucci, Industry Editor -- CIO/IT Strategy
-
Tip
01 Oct 2009
HIPAA-covered entities' first step should be a quality assurance plan
HIPAA-covered entities must leverage or install a good QA team, an effort that should be driven from the top down and be part of the strategic plan of the technology organization.
By John Weathington, Excellent Management Systems Inc.
-
Feature
22 Jun 2009
Chapter excerpt: Decision-making processes and IT governance
Find out how sound decision-making processes form the foundation of IT governance policies by allocating decision rights and accountability.
-
News
19 Jun 2009
Twitter security risks, popularity spark regulatory concerns
Twitter can be used for social good, business and journalism, but the potential for exploitation by cybercriminals and noncompliance with regulatory requirements is real and growing.
By Alexander B. Howard, Associate Editor
-
Tip
09 Jun 2009
How AML compliance applies to remote deposit capture
Financial institutions rushing to deploy remote deposit capture (RDC) need to consider how the Bank Secrecy Act and anti-money laundering regulations apply to the technology. In this tip, Dan Fisher explains what measures institutions need to take to ensure compliance with BSA/AML laws in their RDC implementations.
By Dan M. Fisher, Contributor
-
Tip
19 May 2009
Why it may not be ideal for your lawyer to be your compliance officer
While lawyers bring a certain expertise to the table, business leaders need a broader range of technical, security and communications skills in their compliance officers.
By Kevin Beaver, Principle Logic, LLC
-
Definition
12 Mar 2009
Electronic Communications Privacy Act (ECPA)
The Electronic Communications Privacy Act (ECPA) is a United States federal statute that prohibits a third party from intercepting or disclosing communications without authorization.
-
Definition
29 Jan 2009
Fair Credit Reporting Act (FCRA)
The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies.
-
Definition
06 Mar 2008
FFIEC compliance (Federal Financial Institutions Examination Council)
FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC)...