Compliance-related resources to help firms comply with Sarbanes-Oxley (Sarbox), the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB), and other government mandates.
Mon, February 10, 2014 - Software compliance is a complex and interpretative process that if not done correctly and with forethought can cost organizations millions. Follow these guidelines to ensure the best possible outcome.
Fri, February 07, 2014 - A majority of companies that achieve annual compliance with the Payment Card Industry Data Security Standard fail to then maintain that status, leaving them vulnerable to breaches.
Thu, January 16, 2014 - Most business units these days are leveraging cloud services, and a majority of them are bypassing IT to do it, according to a new study. While many IT departments want to take charge of provisioning cloud services, it may make more sense to get your arms around compliance and governance first.
Mon, January 13, 2014 - If the accountable care organization is to avoid the fate of the health maintenance organization, then ACOs need to take advantage of the data that HMOs lacked in the 1990s -- and realize that holding, viewing and using data are different concepts that each come with different issues.
Thu, November 21, 2013 - If your BYOD policy goes too far, you may be prosecuted for unfair labor practices. However, courts expect you to produce all relevant data in discovery proceedings. Meanwhile, your employees may fear retaliation if they don't sign draconian BYOD policies. CIO.com talks to attorneys to better understand the legal side of BYOD.
Mon, November 18, 2013 - Ever the risk-averse industry, healthcare is finally beginning to trust cloud for the storage of protected health information. Experts credit better cloud security, dropping costs and the growing need for disparate organizations to share information. What's more, this only appears to be the tip of the healthcare cloud iceberg.
Mon, October 21, 2013 - If you are an information security professional whose organization handles credit card information, then unless you have been living under a rock since PCI DSS was first introduced in 2004, PCI compliance is a fact of life. Many love to bash the standard as the "low bar" for security, but when it comes to "Requirement 1: Install and maintain a firewall configuration to protect cardholder data," special attention to these five components (out of 21 outlined in Requirement 1) will set a high, sustainable standard (yes, really!) for both security and PCI compliance.
Tue, September 17, 2013 - IT, security and compliance experts discuss the biggest issues facing companies these days -- and what steps organizations can take to minimize potential regulatory compliance risks and security threats.
Mon, July 01, 2013 - The U.S. government is giving the healthcare industry billions of dollars in incentives to use electronic health records. Most organizations have EHR software in place, but as many as 35 percent wish they could switch systems. Are EHR vendors to blame, or are deeper forces at work?
Mon, June 17, 2013 - Companies can significantly decrease the cost of data breaches by teaching employees not to cut corners and by adopting a strong security posture and an incident response plan.
Fri, May 31, 2013 - With technology now at the center of nearly all business processes, information security is no longer simply an operational concern. It deserves a place on the board's strategic agenda. And that means the CISO needs to step up in the boardroom.
Mon, May 20, 2013 - IT's problems can draw unwanted notice now that Sarbanes-Oxley requires them to appear in 10-K reports as 'material weaknesses.'
Tue, April 30, 2013 - Today's complex IT environments make maintaining 'always on' availability more challenging than ever before, even as IT has become central to most business operations. IDC's David Tapper says organizations must adopt a plan for achieving operational resiliency.
Mon, April 22, 2013 - A CIO once quipped, "Security isn't hard, compliance is." And in fact many companies focus their security efforts on meeting compliance requirements. But if you are audit compliant, have you in fact addressed all of your risks, or are you just kidding yourself? Is it better to focus on the risks presuming that doing so will cover you off on the compliance side? Network World Editor in Chief put the question to two practitioners, both of whom come down on the side of risk.