Properly implemented, access controls only give employees access to the applications and databases they need to do their jobs. At many regulated organizations, such controls are too often manual, outdated, and largely ineffective. Here's how to overhaul your access control program.
Technology acquisition is a complex, often speculative task. Whether the means is build or buy, long-term value goes unmeasured and unrealized. The result is vaporware—or worse. What's the solution to spending savvy? A little-known framework for IT investment management could provide the answer.
Driven especially by SOX, companies are turning to change management to provide needed discipline for changes to IT infrastructure and systems. To ensure the integrity of systems storing regulated data, as well as the attendant IT policies and procedures, companies are increasingly adopting change management practices.
Since December, the US civil code has included electronically stored information (ESI) in its requirements for legal discovery. But surveys show most companies are unprepared to comply. What's the holdup, and how can companies move toward sustainable e-discovery management?
In terms of disasters, it's been an eventful few years with hurricanes, floods, earthquakes, and winter storms. However, the silver lining of every dark cloud is a lesson that can help you prepare for the next incident. Experts share valuable advice to bolster your business continuity plans and face the inevitable force majeure that could cripple your company.
The Government Accountability Office (GAO) produces a wealth of guidance and reports for the entire federal IT system, but this knowledge is just as applicable to private sector counterparts. Here's a treasure map to navigate the GAO site, find reports of interest, and access critical compliance information.
When disaster strikes and victims flood into an emergency room, doctors conduct triage to determine the severity of injuries and who gets treatment first. Companies can similarly prepare for the inevitable data breach by building a cross-disciplined incident team trained to assess the damage, stop the bleeding, and respond appropriately to regulatory bodies and customers.
In many companies, developers use live data in unsound test environments but remain unmindful of the fallout if that data leaks out. Why should your compliance guard be relaxed when developers use test data to design the systems that store and dole out access to such sensitive information? Here are five ways to manage test data in regulated environments.
New study highlights commonalities between companies with the fewest IT compliance deficiencies.
Can companies use built-in ERP capabilities to better automate their IT controls?
How quickly can you search and retrieve e-mail and instant messages relevant to a regulatory inquiry or court-ordered discovery process?
The FTC says federal anti-spam legislation is effective. Experts disagree.
Sarbanes-Oxley compliance started chaotically. By its second year, however, many organizations were investigating how automated controls could help them see SOX not as an annual cost but as a way to reduce business risk. What’s in store for year three?
Spyware poses a huge threat—yet a recent survey shows that by their own admission, many enterprises have yet to protect their information with suitable anti-spyware software.
Thanks to a variety of regulations, businesses must retain e-mail and instant messages, creating an information glut. Here’s how to manage it.
With the average public data breach costing $7.5 million to clean up, security managers seek automated hard disk encryption.
Automated security and access controls get top attention as enterprises move into their second year of Sarbanes-Oxley compliance.
Corporate governance, risk management, and compliance are challenges that will determine your company’s future. Here's how data auditing can help.
New regulations mandate increased security for utilities' supervisory control and data acquisition systems.
To counter security threats, developers can reverse-engineer their products, or take a less expensive and more effective approach.