Compliance
Compliance with corporate, government and industry standards and regulations is critical to meet business goals, reduce risk, maintain trust and avoid fines. Get advice on audit planning and management; laws, standards and regulations; and how to comply with GDPR, PCI DSS, HIPAA and more.
Top Stories
-
Tutorial
16 Jun 2023
Guard information in cloud with a data classification policy
The cloud's need for special data classification attention arises from a combination of risk factors. With proper care, classification and compliance can limit these risks.
-
Tip
13 Jun 2023
How to address mobile compliance in a business setting
When organizations plan for compliance and data security, they need to consider mobile devices due to their proliferation in a business setting and how easy it is to lose them.
-
Tip
08 Jun 2023
How to secure blockchain: 10 best practices
Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain.
-
Podcast
25 May 2023
Risk & Repeat: A troubling trend of poor breach disclosures
This Risk & Repeat episode covers three data breach disclosures from Dish Network, Gentex Corporation and Clarke County Hospital and the troubling trends that connect all three.
-
Feature
12 May 2023
Security experts share cloud auditing best practices
A cloud audit allows organizations to assess cloud vendor performance. Auditing experts Shinesa Cambric and Michael Ratemo talk about the role of compliance in auditing.
-
News
12 May 2023
Experts question San Bernardino's $1.1M ransom payment
While no public safety services were compromised in the ransomware attack on San Bernardino County's Sheriff's Department, the county government opted to pay $1.1 million to the threat actors.
-
Podcast
09 May 2023
Risk & Repeat: Ex-Uber CSO Joe Sullivan sentenced
This podcast episode covers the sentencing of former Uber CSO Joe Sullivan over the 2016 breach cover-up, and what it means for other security executives and the industry at large.
-
News
05 May 2023
Former Uber CSO Joe Sullivan avoids jail for breach cover-up
A U.S. district judge sentenced former Uber security chief Joe Sullivan to three years of probation and 200 hours of community service for his role in the 2016 breach cover-up.
-
News
04 May 2023
Cybersecurity execs ponder software liability implementation
Reactions to the Biden Administration's push for legislation enforcing software liability were mostly positive, but questions remain regarding implementation.
-
Opinion
25 Apr 2023
Cloud-native security metrics for CISOs
Author and chief risk officer Rich Seiersen talks about the challenges of securing cloud-native applications and how to use metrics to improve the effectiveness of cloud-native security programs.
-
News
25 Apr 2023
DOJ's Monaco addresses 'misperception' of Joe Sullivan case
In her RSA Conference keynote, Deputy Attorney General Lisa Monaco was asked if the prosecution of former Uber CSO Joe Sullivan damaged trust with the private sector.
-
Tip
19 Apr 2023
How to prepare for a cybersecurity audit
Organizations should conduct regular cybersecurity audits to determine if their networks and other assets are properly protected, as well as if they meet compliance mandates.
-
Tip
13 Apr 2023
6 open source GRC tools compliance professionals should know
Today's organizations need to meet a variety of regulatory compliance requirements. Here's a look at six open source GRC tools and what features each one offers.
-
Feature
20 Mar 2023
Techno-nationalism explained: What you need to know
Techno-nationalism changes the way providers do business and the way users interact with tech.
-
News
02 Mar 2023
New National Cybersecurity Strategy takes aim at ransomware
The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware operations and addressing vulnerable software.
-
Tip
25 Jan 2023
Centralized services as a hedge against shadow IT's escalation
Proliferation of cloud, AI and integration tools has increased the security risks of shadow IT deployments and the need to centralize business functions and share support services.
-
Tip
19 Jan 2023
Building a shared services organization structure
Amid the shifting economic climate and new reality of hybrid workforces, there's no better time for companies to consolidate business functions and centralize support services.
-
News
10 Nov 2022
TrustCor under fire over certificate authority concerns
TrustCor Systems, a certificate authority registered in Panama, is in hot water after a Washington Post report raised questions about its apparent connections to a spyware vendor.
-
Tip
01 Nov 2022
Ideal CISO reporting structure is to high-level business leaders
CISOs usually report to a high-level executive, but reporting to a top-level business executive like the CEO rather than a technology executive protects the business best.
-
Tip
11 Oct 2022
How to conduct a cybersecurity audit based on zero trust
This checklist offers guidance on how to prepare for a zero-trust cybersecurity audit and helps document how well cybersecurity controls are performing based on CISA's ZTMM.
-
News
06 Oct 2022
Former Uber CSO Joe Sullivan found guilty in breach cover-up
Sullivan was convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in connection with the cover-up of Uber's 2016 data breach.
-
Tip
27 Sep 2022
10 PCI DSS best practices to weigh as new standard rolls out
PCI's Security Standards Council revamped the requirements governing how organizations store, process and transmit payment card data. Companies need to act fast to ensure they are in compliance.
-
Podcast
16 Sep 2022
Risk & Repeat: The White House wants secure software
This podcast episode discusses the implications of the Biden administration's new purchasing and usage guidelines for software utilized by U.S. federal agencies.
-
News
14 Sep 2022
Biden issues cybersecurity guidance for software vendors
The guidance is an extension of President Biden's cybersecurity executive order from 2021 and includes new requirements for software deployed in federal agencies.
-
Tip
08 Sep 2022
Tips to achieve compliance with GDPR in cloud storage
GDPR compliance can be tricky in the cloud because organizations don't own or operate the storage that holds their data, yet they remain the data controller responsible for it. Research cloud vendors, and craft a plan to ensure compliance.
-
Tip
01 Sep 2022
Cybersecurity budget breakdown and best practices
Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here.
-
Podcast
24 Aug 2022
Risk & Repeat: Whistleblower spells trouble for Twitter
A new whistleblower report unveiled troubling accusations against Twitter from the social media company's former head of security, Peiter 'Mudge' Zatko.
-
Tip
24 Aug 2022
PCI DSS v4.0 is coming, here's how to prepare to comply
Organizations need to start laying the groundwork to reap the benefits of the forthcoming PCI DSS v4.0 specification. Creating a team to focus on the upgrade is one good step.
-
Tip
15 Aug 2022
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem.
-
Feature
11 Aug 2022
What is data security? The ultimate guide
Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe.
-
News
08 Aug 2022
U.S. sanctions another cryptocurrency mixer in Tornado Cash
The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds.
-
Tip
05 Aug 2022
5 data security challenges enterprises face today
Data empowers enterprises to succeed. But with great power comes great responsibility -- to keep that data secure. Here are five challenges today's businesses must meet.
-
Tip
28 Jul 2022
How to perform a data risk assessment, step by step
Organizations need confidence that they are properly identifying and protecting sensitive data. Follow these five steps to create a data risk assessment.
-
Feature
28 Jul 2022
How to develop a data breach response plan: 5 steps
A data breach response plan outlines how a business will react to a breach. Follow these five steps, and use our free template to develop your organization's plan.
-
Feature
21 Jul 2022
How to create a data security policy, with template
Are you looking to create or update your organization's data security policy? Learn about the key elements of a data security policy, and use our free template to get started.
-
Tip
18 Jul 2022
Best practices for legal hold storage
Storing data for legal holds could be a mission-critical task. Storage admins should understand how to prepare for legal holds and deal with them when they occur.
-
Tip
07 Jul 2022
How to create a critical infrastructure incident response plan
Does your organization have an incident response plan for disruptions to critical infrastructure? Learn how to write a successful plan for your company.
-
Tip
29 Jun 2022
How to conduct a cyber-resilience assessment
It's a good cyber hygiene practice to periodically review your organization's cybersecurity plans and procedures. Use this checklist to guide your cyber-resilience assessment.
-
Guest Post
28 Jun 2022
Why the next-gen telecom ecosystem needs better regulations
The telecom industry keeps the world connected but also poses national and cybersecurity risks. Learn why the sector needs better -- and uniform -- regulations.
-
News
14 Jun 2022
How Russian sanctions may be helping US cybersecurity
Federal government officials say Russian sanctions decreased cyber attacks on the U.S. over the past few months but could potentially lead to significant threats down the road.
-
Tip
14 Jun 2022
3 steps for CDOs to ensure data sovereignty in the cloud
Data sovereignty regulations, combined with a tsunami of data growth and increased cloud usage, have created a perfect storm that chief data officers must manage.
-
News
26 May 2022
Twitter fined $150M for misusing 2FA data
The DOJ and FTC said the social media company used phone numbers and email addresses collected for account security to target advertising, and profited from doing so.
-
Opinion
23 May 2022
ESG analysts discuss how to manage compliance, data privacy
ESG analysts offer three recommendations for effective data governance: good C-level and IT leadership, visibility into cloud infrastructure and understanding cloud architecture.
-
Tip
09 May 2022
The top secure software development frameworks
Keeping security top of mind when developing software is paramount. Learn how to incorporate security into the SDLC with the top secure software development frameworks.
-
Feature
14 Apr 2022
Study attests: Cloud apps, remote users add to data loss
A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic.
-
Tip
07 Apr 2022
Should companies ask for a SaaS software bill of materials?
Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why.
-
Feature
05 Apr 2022
How effective is security awareness training? Not enough
Annual security awareness trainings do little to improve security. Learn why they aren't helpful, and discover steps to improve your organization's training program.
-
Feature
31 Mar 2022
The importance of HR's role in cybersecurity
HR teams must keep security top of mind when hiring and onboarding employees and enforcing data privacy policies. Get advice on the procedures and mechanisms to do so.
-
Feature
31 Mar 2022
Why CISOs need to understand the business
While CISOs need technical skills, business skills help them push their team's agenda and get the support and funding they need to protect their company.
-
Tip
29 Mar 2022
Deploy an information barrier policy for Microsoft Teams
Mistakes happen, but can be costly when they involve compliance. Office 365 information barriers can prevent inadvertent sharing to protect the organization's sensitive data.
-
Tip
24 Mar 2022
How to overcome GDPR compliance challenges
As GDPR fines and penalties increase, organizations must prioritize compliance to avoid financial and reputational damages. Learn about the top challenges and their solutions.
-
News
16 Mar 2022
Biden signs law on reporting critical infrastructure cyber attacks
President Joe Biden signed a law that requires critical infrastructure entities to report cyber attacks within 72 hours and ransom payments within 24 hours.
-
Tip
15 Mar 2022
How endpoint encryption works in a data security strategy
Companies should use encryption to keep data on endpoints protected should an attacker successfully get hold of a device or breach enterprise security measures.
-
Tip
11 Mar 2022
How to write an information security policy, plus templates
Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process.
-
Tip
25 Feb 2022
Privacy-enhancing technology types and use cases
Data is key to companies' success, but maintaining its privacy and ensuring regulatory compliance is difficult. Learn about privacy-enhancing technologies that keep data protected.
-
Tip
23 Feb 2022
Crosswalk cloud compliance to ensure consistency
Combining a risk management framework with security policies can be tricky, but crosswalking -- especially in the cloud -- can help address inconsistencies and maintain compliance.
-
News
10 Feb 2022
Why Massachusetts' data breach reports are so high
Massachusetts discloses breaches of companies that affect just a single resident, giving the commonwealth a much larger number of 2021 incidents than other states.
-
Guest Post
09 Feb 2022
How automated certificate management helps retain IT talent
Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management.
-
Feature
28 Jan 2022
4 data privacy predictions for 2022 and beyond
Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond?
-
News
24 Jan 2022
Monero and the complicated world of privacy coins
Monero is known for being one of the most common cryptocurrencies seen in illicit transactions, but its development community paints a different picture of the privacy coin.
-
Tip
21 Jan 2022
Top cloud security standards and frameworks to consider
Cloud security standards and frameworks are key to securing systems and maintaining privacy. Read up on available options and advice for selecting the best for your organization.
-
Guest Post
28 Dec 2021
How to make security accessible to developers
Apps are too often released with flaws and vulnerabilities. Learn how to make security accessible to developers by integrating best practices into the development lifecycle.
-
Tip
21 Dec 2021
Top 10 IT security frameworks and standards explained
Several IT security frameworks and cybersecurity standards are available to help protect company data. Here's advice for choosing the right one for your organization.
-
Guest Post
10 Dec 2021
The business benefits of data compliance
Beyond appeasing auditors and avoiding fines, data compliance offers several business benefits. Discover how data compliance can build trust and improve publicity.
-
Feature
09 Dec 2021
GDPR as we enter 2022: Challenges, enforcement and fines
Take a look at where GDPR stands as it reaches its fourth birthday, including enforcement and fine changes, current challenges, how COVID-19 affected it and more.
-
Tip
06 Dec 2021
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions.
-
Tip
30 Nov 2021
How to create a company password policy, with template
Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use.
-
Answer
22 Nov 2021
What are the most important email security protocols?
Email was designed without security considerations, but these top email security protocols add mechanisms to keep messaging safe from threats.
-
Guest Post
15 Nov 2021
Reduce the risk of cyber attacks with frameworks, assessments
Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe.
-
Tip
05 Nov 2021
Steps for building a privacy program, plus checklist
Organizations need to prioritize privacy now more than ever. Follow these steps, and use our checklist to create a privacy program that ensures compliance and mitigates threats.
-
Tip
04 Nov 2021
7 best practices to ensure GDPR compliance
Complying with the EU's GDPR data privacy mandates remains challenging. These best practices -- such as hiring a data protection officer and classifying data -- can help.
-
Feature
30 Sep 2021
10 CCPA enforcement cases from the law's first year
It's been more than a year since CCPA enforcement began, and organizations started hearing from the California attorney general. Explore 10 early cases of alleged noncompliance.
-
Tip
21 Sep 2021
The benefits of an IT management response
Many organizations create management responses to traditional audit findings. But did you know organizations can do them after IT audits and assessments, too?
-
Tip
05 Aug 2021
How to use the NIST framework for cloud security
Aligning the NIST Cybersecurity Framework with cloud services such as AWS, Azure and Google Cloud can improve cloud security. Read how to best use the framework for the cloud.
-
Tip
15 Jun 2021
What are cloud security frameworks and how are they useful?
Cloud security frameworks help CSPs and customers alike, providing easy-to-understand security baselines, validations and certifications.
-
News
25 May 2021
Chaos in Maricopa County: The election audit explained
The controversy about an election audit of Maricopa County, Ariz., involves accusations of deleted databases, bamboo fibers and potentially ruined voting machines.
-
Podcast
25 May 2021
Risk & Repeat: Recapping RSA Conference 2021
Election security, nation-state threats and supply chain attacks were major topics at this year's RSA Conference, which was held as a virtual event.
-
Tip
07 May 2021
How to successfully automate GRC systems in 7 steps
There is more to automating GRC programs than technology alone. This implementation roadmap helps IT leaders effectively plan, deploy and monitor GRC activities and tools.
-
Tip
06 May 2021
How to use CIS benchmarks to improve public cloud security
Safeguarding public cloud environments is a shared responsibility. Cloud customers should use CIS benchmarks to ensure cloud security at the account level.
-
Tip
09 Apr 2021
Exploring GRC automation benefits and challenges
Governance, risk and compliance is a crucial enterprise task but can be costly and time-consuming. This is where GRC automation fits in. Learn about its benefits and challenges.
-
Feature
30 Mar 2021
Feds debate while states act on data privacy laws
As Congress debates its next move on how to regulate big tech, states are already enacting legislation. Their push will likely serve as a model for the federal government.
-
Guest Post
04 Mar 2021
Rebuild security and compliance foundations with automation
Instead of patchwork security fixes, financial organizations need to embrace automation, create and deploy secure software and address implementation problems.
-
Guest Post
08 Jan 2021
7 cybersecurity priorities CISOs should focus on for 2021
For 2021, Vishal Salvi argues that CISOs should tie cybersecurity to business agendas better, invest in cloud security, implement IT hygiene, modernize security architecture and more.
-
Tip
20 Nov 2020
Data protection impact assessment tips and templates
Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information.
-
Tip
13 Nov 2020
How to use the Mitre ATT&CK framework for cloud security
Learn how to use the Mitre ATT&CK security framework to keep your enterprise cloud environment -- whether AWS, GCP, Azure, Azure AD or Microsoft 365 -- secure.
-
Feature
07 Jul 2020
5 PCI DSS best practices to improve compliance
Increased rates of PCI noncompliance are worth examining, as are PCI DSS best practices and tips for small and medium-sized companies.
-
Tip
28 May 2020
5 steps to determine residual risk during the assessment process
Even the best security controls have data management gaps that create risk. Here are steps to identify and offset residual risk during an assessment.
-
Feature
01 May 2020
One security framework may be key to cyber effectiveness
The Mitre ATT&CK security framework could best enable effective cybersecurity, according to The Chertoff Group, as could joining information sharing and analysis organizations.
-
Tip
17 Mar 2020
Get to know the elements of Secure Access Service Edge
Cloud services use cases continue to expand, but implementation challenges remain. Discover Secure Access Service Edge, or SASE, offerings and how they can simplify connectivity.
-
Feature
16 Mar 2020
How privacy compliance rules will affect IT security
As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden.
-
Tip
11 Mar 2020
Updating the data discovery process in the age of CCPA
Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR.
-
Tip
05 Mar 2020
Use this CCPA compliance checklist to get up to speed
California leads the pack in terms of state regulations on data privacy and transparency. Now, it's time for businesses to be proactive with this CCPA compliance checklist.
-
Tip
03 Mar 2020
Balance fraud compliance and prevention with these tips
IT leaders must be vigilant against cyberfraud. Use this list of fraud compliance statutes and prevention tips to protect IT resources, customers and your company's reputation.
-
Tip
27 Feb 2020
Privacy controls to meet CCPA compliance requirements
Existing risk management programs are a solid foundation for CCPA compliance requirements. Learn the privacy controls needed to remain CCPA-compliant and improve IT security.
-
News
25 Feb 2020
Securiti.ai wins RSA Innovation Sandbox Contest
Securiti.ai, which offers an AI-powered 'PrivacyOps' platform, took home the title of 'Most Innovative Startup' at RSA Conference's Innovation Sandbox Contest.
-
Feature
17 Feb 2020
Fighting PCI non-compliance could require new frameworks, zero trust
Falling PCI DSS compliance rates could force the PCI Security Standards Council to be more open to other regulatory frameworks and make enterprises aim higher in terms of data security. Could zero trust be part of the solution?
-
Feature
29 Jan 2020
How to implement a holistic approach to user data privacy
IoT devices flood the market with promises to make daily life more convenient. Learn how to embrace user consent to benefit your organization and enhance user data privacy.
-
Feature
21 Jan 2020
Understanding the CSA Cloud Controls Matrix and CSA CAIQ
Uncover how the CSA Cloud Controls Matrix and CSA CAIQ can be used to assess cloud providers' controls and risk models, ensure cloud compliance and more.
-
Tip
14 Jan 2020
HIPAA compliance checklist: The key to staying compliant in 2020
Putting together a HIPAA compliance program can be fraught with difficulty. Review best practices and a HIPAA compliance checklist to avoid common pitfalls and pass an audit.
-
Opinion
23 Dec 2019
Shared responsibility model transparency boosts cloud security
The shared responsibility model delineates where company and CSP security responsibilities start and end. This is critical not only for compliance, but also the big security picture.
-
Feature
10 Dec 2019
Best practices to help CISOs prepare for CCPA
With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations.