Compliance
Compliance with corporate, government and industry standards and regulations is critical to meet business goals, reduce risk, maintain trust and avoid fines. Get advice on audit planning and management; laws, standards and regulations; and how to comply with GDPR, PCI DSS, HIPAA and more.
Top Stories
-
Feature
30 Nov 2023
Records vs. document management: What's the difference?
Records and document management both help organizations share and use files, but these strategies have different goals, information, processes and systems.
-
Tip
17 Nov 2023
SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags
Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best.
-
News
09 Nov 2023
SolarWinds fires back at SEC over fraud charges
SolarWinds said the SEC's lawsuit contains several 'false claims,' including allegations about how Russian nation-state hackers first got inside the company's network.
-
Opinion
08 Nov 2023
Research points to 5 ways to improve cybersecurity culture
Respondents to a new Enterprise Strategy Group/ISSA survey offered five key points on how to strengthen an organization's cybersecurity culture.
-
Podcast
01 Nov 2023
Risk & Repeat: Breaking down SEC charges against SolarWinds
This episode covers the SEC charges against SolarWinds and CISO Timothy Brown for allegedly hiding known cybersecurity risks prior to the 2020 supply chain attack it suffered.
-
News
31 Oct 2023
SEC charges SolarWinds for security failures, fraud
The SEC accused SolarWinds and CISO Timothy Brown of hiding known cybersecurity risks that were further highlighted by the supply chain attack revealed in 2020.
-
Tip
31 Oct 2023
How to use Managed Google Play with Microsoft Intune
IT teams can connect their Managed Google Play accounts to Intune to get the best of both management tools. Integrate the two for easier Android Enterprise enrollment and more.
-
Tip
27 Oct 2023
Top 12 IT security frameworks and standards explained
Several IT security frameworks and cybersecurity standards are available to help protect company data. Here's advice for choosing the right ones for your organization.
-
Tip
26 Oct 2023
How to create a company password policy, with template
Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use.
-
Tip
17 Oct 2023
How to conduct a cyber-resilience assessment
It's a good cyber-hygiene practice to periodically review your organization's cybersecurity plans and procedures. Use this checklist to guide your cyber-resilience assessment.
-
Answer
13 Oct 2023
What are the most important email security protocols?
Email was designed without security considerations. Email security protocols, including SMTPS, SPF and S/MIME, add mechanisms to keep messaging safe from threats.
-
Feature
10 Oct 2023
Security posture management a huge challenge for IT pros
Enterprise Strategy Group's John Oltsik explains why executing security hygiene and posture management at scale remains an uphill battle for organizations, despite automation.
-
Tip
10 Oct 2023
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions.
-
Tip
06 Oct 2023
Collaboration security and governance must be proactive
Even as companies deploy more collaboration tools, they aren't keeping pace with effective governance strategies for these tools and their generated content.
-
Tip
06 Oct 2023
Is Android fragmentation still a problem for IT teams?
Android fragmentation has been a significant challenge for enterprise IT managing the OS. Find out how to manage fragmentation in the Android operating system.
-
Guest Post
30 Aug 2023
SEC cyber attack regulations prompt 10 questions for CISOs
New SEC regulations governing the disclosure of cyber attacks by public companies lead to 10 questions board members should ask their CISOs about managing cyber-risk.
-
Tip
16 Aug 2023
6 open source GRC tools compliance professionals should know
Organizations must meet a variety of regulatory compliance requirements today. Here's a look at six open source GRC tools and related resources that might help.
-
News
10 Aug 2023
Kemba Walden: We need to secure open source software
During her Black Hat USA 2023 keynote, the acting national cyber director said the White House wants to develop realistic policies to improve the security of open source software.
-
Tip
08 Aug 2023
5 steps to ensure HIPAA compliance on mobile devices
IT must implement several measures to comply with HIPAA, and mobile devices can add further complexity to this process. Follow these important steps for mobile HIPAA compliance.
-
Feature
01 Aug 2023
Infosec experts divided on SEC four-day reporting rule
Professionals in the cybersecurity industry voiced concerns and praise for new incident disclosure rules that allow companies four days to report a "material" cyber attack.
-
Tip
25 Jul 2023
5 steps to approach BYOD compliance policies
It can be difficult to ensure BYOD endpoints are compliant because IT can't configure them before they ship to users. Admins must enforce specific policies to make up for this.
-
Tip
13 Jul 2023
The role of Mac file and folder encryption for businesses
IT administrators can enable the Mac FileVault utility across business files and data to provide an extra layer of security and meet compliance standards.
-
News
10 Jul 2023
Genesys Cloud CX gets FedRAMP certified for government use
The CX vendor obtained Moderate Impact level authorization for its Genesys Cloud CX platform, bolstering security and safeguarding internal operations for U.S. government users.
-
Tutorial
16 Jun 2023
Guard information in cloud with a data classification policy
The cloud's need for special data classification attention arises from a combination of risk factors. With proper care, classification and compliance can limit these risks.
-
Tip
13 Jun 2023
How to address mobile compliance in a business setting
When organizations plan for compliance and data security, they need to consider mobile devices due to their proliferation in a business setting and how easy it is to lose them.
-
Tip
08 Jun 2023
How to secure blockchain: 10 best practices
Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain.
-
Podcast
25 May 2023
Risk & Repeat: A troubling trend of poor breach disclosures
This Risk & Repeat episode covers three data breach disclosures from Dish Network, Gentex Corporation and Clarke County Hospital and the troubling trends that connect all three.
-
Feature
12 May 2023
Security experts share cloud auditing best practices
A cloud audit allows organizations to assess cloud vendor performance. Auditing experts Shinesa Cambric and Michael Ratemo talk about the role of compliance in auditing.
-
News
12 May 2023
Experts question San Bernardino's $1.1M ransom payment
While no public safety services were compromised in the ransomware attack on San Bernardino County's Sheriff's Department, the government opted to pay $1.1 million to threat actors.
-
Podcast
09 May 2023
Risk & Repeat: Ex-Uber CSO Joe Sullivan sentenced
This podcast episode covers the sentencing of former Uber CSO Joe Sullivan over the 2016 breach cover-up, and what it means for other security executives and the industry at large.
-
News
05 May 2023
Former Uber CSO Joe Sullivan avoids jail for breach cover-up
A U.S. district judge sentenced former Uber security chief Joe Sullivan to three years of probation and 200 hours of community service for his role in the 2016 breach cover-up.
-
News
04 May 2023
Cybersecurity execs ponder software liability implementation
Reactions to the Biden Administration's push for legislation enforcing software liability were mostly positive, but questions remain regarding implementation.
-
Opinion
25 Apr 2023
Cloud-native security metrics for CISOs
Author and chief risk officer Rich Seiersen talks about the challenges of securing cloud-native applications and how to use metrics to improve their effectiveness.
-
News
25 Apr 2023
DOJ's Monaco addresses 'misperception' of Joe Sullivan case
In her RSA Conference keynote, Deputy Attorney General Lisa Monaco was asked if the prosecution of former Uber CSO Joe Sullivan damaged trust with the private sector.
-
Tip
19 Apr 2023
How to prepare for a cybersecurity audit
Organizations should conduct regular cybersecurity audits to determine if their networks and other assets are properly protected, as well as if they meet compliance mandates.
-
Feature
20 Mar 2023
Techno-nationalism explained: What you need to know
Techno-nationalism changes the way providers do business and the way users interact with tech.
-
News
02 Mar 2023
New National Cybersecurity Strategy takes aim at ransomware
The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware operations and addressing vulnerable software.
-
Tip
25 Jan 2023
Centralized services as a hedge against shadow IT's escalation
The proliferation of cloud, AI and integration tools has increased the security risks of shadow IT deployments and the need to centralize business functions and share support services.
-
Tip
19 Jan 2023
Building a shared services organization structure
Amid the shifting economic climate and new reality of hybrid workforces, there's no better time for companies to consolidate business functions and centralize support services.
-
News
10 Nov 2022
TrustCor under fire over certificate authority concerns
TrustCor Systems, a certificate authority registered in Panama, is in hot water after a Washington Post report raised questions about its apparent connections to a spyware vendor.
-
Tip
01 Nov 2022
Ideal CISO reporting structure is to high-level business leaders
CISOs usually report to a high-level executive, but reporting to a top-level business executive like the CEO rather than a technology executive protects the business best.
-
Tip
11 Oct 2022
How to conduct a cybersecurity audit based on zero trust
This checklist offers guidance on how to prepare for a zero-trust cybersecurity audit and helps document how well cybersecurity controls are performing based on CISA's ZTMM.
-
News
06 Oct 2022
Former Uber CSO Joe Sullivan found guilty in breach cover-up
Sullivan was convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in connection with the cover-up of Uber's 2016 data breach.
-
Tip
27 Sep 2022
10 PCI DSS best practices to weigh as new standard rolls out
PCI's Security Standards Council revamped the requirements governing how organizations store payment card information. Companies need to act fast to ensure they are in compliance.
-
Podcast
16 Sep 2022
Risk & Repeat: The White House wants secure software
This podcast episode discusses the implications of the Biden administration's new purchasing and usage guidelines for software utilized by U.S. federal agencies.
-
News
14 Sep 2022
Biden issues cybersecurity guidance for software vendors
The guidance is an extension of President Biden's cybersecurity executive order from 2021 and includes new requirements for software deployed in federal agencies.
-
Tip
08 Sep 2022
Tips to achieve compliance with GDPR in cloud storage
GDPR compliance can be tricky in the cloud since organizations aren't the owners and processors of cloud storage. Research cloud vendors, and craft a plan to ensure compliance.
-
Tip
01 Sep 2022
Cybersecurity budget breakdown and best practices
Once a budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here.
-
Podcast
24 Aug 2022
Risk & Repeat: Whistleblower spells trouble for Twitter
A new whistleblower report unveiled troubling accusations against Twitter from the social media company's former head of security, Peiter 'Mudge' Zatko.
-
Tip
24 Aug 2022
PCI DSS v4.0 is coming, here's how to prepare to comply
Organizations need to start laying the groundwork to reap the benefits of the forthcoming PCI DSS v4.0 specification. Creating a team to focus on the upgrade is one good step.
-
Tip
15 Aug 2022
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem.
-
Feature
11 Aug 2022
What is data security? The ultimate guide
Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe.
-
News
08 Aug 2022
U.S. sanctions another cryptocurrency mixer in Tornado Cash
The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds.
-
Tip
05 Aug 2022
5 data security challenges enterprises face today
Data empowers enterprises to succeed. But with great power comes great responsibility -- to keep that data secure. Here are five challenges today's businesses must meet.
-
Tip
28 Jul 2022
How to perform a data risk assessment, step by step
Organizations need confidence that they are properly identifying and protecting sensitive data. Follow these five steps to create a data risk assessment.
-
Feature
28 Jul 2022
How to develop a data breach response plan: 5 steps
A data breach response plan outlines how a business will react to a breach. Follow these five steps, and use our free template to develop your organization's plan.
-
Feature
21 Jul 2022
How to create a data security policy, with template
Are you looking to create or update your organization's data security policy? Learn about the key elements of a data security policy, and use our free template to get started.
-
Tip
18 Jul 2022
Best practices for legal hold storage
Storing data for legal holds could be a mission-critical task. Storage admins should understand how to prepare for legal holds and deal with them when they occur.
-
Tip
07 Jul 2022
How to create a critical infrastructure incident response plan
Does your organization have an incident response plan for disruptions to critical infrastructure? Learn how to write a successful plan for your company.
-
Guest Post
28 Jun 2022
Why the next-gen telecom ecosystem needs better regulations
The telecom industry keeps the world connected but also poses national and cybersecurity risks. Learn why the sector needs better -- and uniform -- regulations.
-
News
14 Jun 2022
How Russian sanctions may be helping US cybersecurity
Federal government officials say Russian sanctions decreased cyber attacks on the U.S. over the past few months but could potentially lead to significant threats down the road.
-
Tip
14 Jun 2022
3 steps for CDOs to ensure data sovereignty in the cloud
Data sovereignty regulations, combined with a tsunami of data growth and increased cloud usage, have created a perfect storm that chief data officers must manage.
-
News
26 May 2022
Twitter fined $150M for misusing 2FA data
The DOJ and FTC said the social media company misused consumers' personal data for advertisement purposes, from which it gained benefit.
-
Opinion
23 May 2022
ESG analysts discuss how to manage compliance, data privacy
ESG analysts offer three recommendations for effective data governance: good C-level and IT leadership, visibility into cloud infrastructure and understanding cloud architecture.
-
Tip
09 May 2022
The top secure software development frameworks
Keeping security top of mind when developing software is paramount. Learn how to incorporate security into the SDLC with the top secure software development frameworks.
-
Feature
14 Apr 2022
Study attests: Cloud apps, remote users add to data loss
A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic.
-
Tip
07 Apr 2022
Should companies ask for a SaaS software bill of materials?
Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why.
-
Feature
05 Apr 2022
How effective is security awareness training? Not enough
Annual security awareness trainings do little to improve security. Learn why they aren't helpful, and discover steps to improve your organization's training program.
-
Feature
31 Mar 2022
The importance of HR's role in cybersecurity
HR teams must keep security top of mind when hiring and onboarding employees and enforcing data privacy policies. Get advice on the procedures and mechanisms to do so.
-
Feature
31 Mar 2022
Why CISOs need to understand the business
While CISOs need technical skills, business skills help them push their team's agenda and get the support and funding they need to protect their company.
-
Tip
29 Mar 2022
Deploy an information barrier policy for Microsoft Teams
Mistakes happen, but they can be costly when they involve compliance. Office 365 information barriers can prevent inadvertent sharing to protect the organization's sensitive data.
-
Tip
24 Mar 2022
How to overcome GDPR compliance challenges
As GDPR fines and penalties increase, organizations must prioritize compliance to avoid financial and reputational damages. Learn about the top challenges and their solutions.
-
News
16 Mar 2022
Biden signs law on reporting critical infrastructure cyber attacks
President Joe Biden signed a law that requires critical infrastructure entities to report cyber attacks within 72 hours and report ransom payments within 24 hours.
-
Tip
15 Mar 2022
How endpoint encryption works in a data security strategy
Companies should use encryption to keep data on endpoints protected should an attacker successfully get hold of a device or breach enterprise security measures.
-
Tip
11 Mar 2022
How to write an information security policy, plus templates
Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process.
-
Tip
25 Feb 2022
Privacy-enhancing technology types and use cases
Data is key to companies' success, but maintaining its privacy and ensuring regulatory compliance is difficult. Learn about privacy-enhancing technologies that keep data protected.
-
Tip
23 Feb 2022
Crosswalk cloud compliance to ensure consistency
Combining a risk management framework with security policies can be tricky, but crosswalking -- especially in the cloud -- can help address inconsistencies and maintain compliance.
-
News
10 Feb 2022
Why Massachusetts' data breach reports are so high
Massachusetts discloses breaches of companies that affect just a single resident, giving the commonwealth a much larger number of 2021 incidents than other states.
-
Guest Post
09 Feb 2022
How automated certificate management helps retain IT talent
Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management.
-
Feature
28 Jan 2022
4 data privacy predictions for 2022 and beyond
Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond?
-
News
24 Jan 2022
Monero and the complicated world of privacy coins
Monero is known for being one of the most common cryptocurrencies seen in illicit transactions, but its development community paints a different picture of the privacy coin.
-
Tip
21 Jan 2022
Top cloud security standards and frameworks to consider
Cloud security standards and frameworks are key to securing systems and maintaining privacy. Read up on available options and advice for selecting the best for your organization.
-
Guest Post
28 Dec 2021
How to make security accessible to developers
Apps are too often released with flaws and vulnerabilities. Learn how to make security accessible to developers by integrating best practices into the development lifecycle.
-
Guest Post
10 Dec 2021
The business benefits of data compliance
Beyond appeasing auditors and avoiding fines, data compliance offers several business benefits. Discover how data compliance can build trust and improve publicity.
-
Feature
09 Dec 2021
GDPR as we enter 2022: Challenges, enforcement and fines
Take a look at where GDPR stands as it reaches its fourth birthday, including enforcement and fine changes, current challenges, how COVID-19 affected it and more.
-
Guest Post
15 Nov 2021
Reduce the risk of cyber attacks with frameworks, assessments
Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe.
-
Tip
05 Nov 2021
Steps for building a privacy program, plus checklist
Organizations need to prioritize privacy now more than ever. Follow these steps, and use our checklist to create a privacy program that ensures compliance and mitigates threats.
-
Tip
04 Nov 2021
7 best practices to ensure GDPR compliance
Complying with the EU's GDPR data privacy mandates remains challenging. These best practices -- such as hiring a data protection officer and classifying data -- can help.
-
Feature
30 Sep 2021
10 CCPA enforcement cases from the law's first year
It's been more than a year since CCPA enforcement began, and organizations started hearing from the California attorney general. Explore 10 early cases of alleged noncompliance.
-
Tip
21 Sep 2021
The benefits of an IT management response
Many organizations create management responses to traditional audit findings. But did you know organizations can do them after IT audits and assessments, too?
-
Tip
05 Aug 2021
How to use the NIST framework for cloud security
Aligning the NIST Cybersecurity Framework with cloud services such as AWS, Azure and Google Cloud can improve cloud security. Read how to best use the framework for the cloud.
-
Tip
15 Jun 2021
What are cloud security frameworks and how are they useful?
Cloud security frameworks help CSPs and customers alike, providing easy-to-understand security baselines, validations and certifications.
-
News
25 May 2021
Chaos in Maricopa County: The election audit explained
The controversy about an election audit of Maricopa County, Ariz., involves accusations of deleted databases, bamboo fibers and potentially ruined voting machines.
-
Podcast
25 May 2021
Risk & Repeat: Recapping RSA Conference 2021
Election security, nation-state threats and supply chain attacks were major topics at this year's RSA Conference, which was held as a virtual event.
-
Tip
07 May 2021
How to successfully automate GRC systems in 7 steps
There is more to automating GRC programs than technology alone. This implementation roadmap helps IT leaders effectively plan, deploy and monitor GRC activities and tools.
-
Tip
06 May 2021
How to use CIS benchmarks to improve public cloud security
Safeguarding public cloud environments is a shared responsibility. Cloud customers should use CIS benchmarks to ensure cloud security at the account level.
-
Tip
09 Apr 2021
Exploring GRC automation benefits and challenges
Governance, risk and compliance is a crucial enterprise task but can be costly and time-consuming. This is where GRC automation fits in. Learn about its benefits and challenges.
-
Feature
30 Mar 2021
Feds debate while states act on data privacy laws
As Congress debates its next move on how to regulate big tech, states are already enacting legislation. Their push will likely serve as a model for the federal government.
-
Guest Post
04 Mar 2021
Rebuild security and compliance foundations with automation
Instead of patchwork security fixes, financial organizations need to embrace automation, create and deploy secure software and address implementation problems.
-
Guest Post
08 Jan 2021
7 cybersecurity priorities CISOs should focus on for 2021
For 2021, Vishal Salvi argues that CISOs should tie cybersecurity to business agendas better, invest in cloud security, implement IT hygiene, modernize security architecture and more.
-
Tip
20 Nov 2020
Data protection impact assessment tips and templates
Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information.
-
Tip
13 Nov 2020
How to use the Mitre ATT&CK framework for cloud security
Learn how to use the Mitre ATT&CK security framework to keep your enterprise cloud environment -- whether AWS, GCP, Azure, Azure AD or Microsoft 365 -- secure.