Compliance

Compliance-related resources to help firms comply with the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and other government mandates.

News

Windows XP Can Put SOX, HIPAA, Credit Card Security-Compliance at Risk

When Microsoft stops supporting Windows XP next month, businesses that have to comply with Payment Card Industry (PCI) data security standards, as well as healthcare and financial regulations, may find themselves out of compliance unless they call in some creative fixes, experts say.

How To

Tips to Get Ready for (or Possibly Avoid) Software Audits

Software compliance is a complex and interpretive process that, if not done correctly and with forethought, can cost organizations millions. Follow these guidelines to ensure the best possible outcome.

News

Maintaining PCI Compliance is a Big Challenge for Most Companies

A majority of companies that achieve annual compliance with the Payment Card Industry Data Security Standard fail to then maintain that status, leaving them vulnerable to breaches.

How To

How to Bring Shadow IT Under Control

Most business units these days are leveraging cloud services, and a majority of them are bypassing IT to do it, according to a new study. While many IT departments want to take charge of provisioning cloud services, it may make more sense to get your arms around compliance and governance first.

How To

Healthcare Needs Data Analytics for the ACO Model to Succeed

If the accountable care organization is to avoid the fate of the health maintenance organization, then ACOs need to take advantage of the data that HMOs lacked in the 1990s -- and realize that holding, viewing and using data are different concepts that each come with different issues.

Feature

How BYOD Puts Everyone at Legal Risk

If your BYOD policy goes too far, you may be prosecuted for unfair labor practices. However, courts expect you to produce all relevant data in discovery proceedings. Meanwhile, your employees may fear retaliation if they don't sign draconian BYOD policies. CIO.com talks to attorneys to better understand the legal side of BYOD.

News analysis

Healthcare Finally Warming to Cloud Technology

Ever the risk-averse industry, healthcare is finally beginning to trust cloud for the storage of protected health information. Experts credit better cloud security, dropping costs and the growing need for disparate organizations to share information. What's more, this only appears to be the tip of the healthcare cloud iceberg.

Advice & Opinion

Passing PCI Firewall Audits: Top 5 Checks for Ongoing Success

If you are an information security professional whose organization handles credit card information, then unless you have been living under a rock since PCI DSS was first introduced in 2004, PCI compliance is a fact of life. Many love to bash the standard as the "low bar" for security, but when it comes to "Requirement 1: Install and maintain a firewall configuration to protect cardholder data," special attention to these five components (out of the 21 outlined in Requirement 1) will set a high, sustainable standard (yes, really!) for both security and PCI compliance.

Feature

7 Biggest IT Compliance Headaches and How CIOs Can Cure Them

IT, security and compliance experts discuss the biggest issues facing companies these days -- and what steps organizations can take to minimize potential regulatory compliance risks and security threats.

How To

Why Healthcare Providers Aren't Happy With EHR Systems

The U.S. government is giving the healthcare industry billions of dollars in incentives to use electronic health records. Most organizations have EHR software in place, but as many as 35 percent wish they could switch systems. Are EHR vendors to blame, or are deeper forces at work?

News Feature

Most Data Breaches Caused by Human Error, System Glitches

Companies can significantly decrease the cost of data breaches by teaching employees not to cut corners and by adopting a strong security posture and an incident response plan.

Feature

CISOs Must Engage the Board About Information Security

With technology now at the center of nearly all business processes, information security is no longer simply an operational concern. It deserves a place on the board's strategic agenda. And that means the CISO needs to step up in the boardroom.

Advice & Opinion

Avoiding IT Audit Nightmares

IT's problems can draw unwanted notice now that Sarbanes-Oxley requires them to appear in 10-K reports as 'material weaknesses.'

How To

How IT Can Achieve Operational Resiliency

Today's complex IT environments make maintaining 'always on' availability more challenging than ever before, even as IT has become central to most business operations. IDC's David Tapper says organizations must adopt a plan for achieving operational resiliency.

News

Compliance vs. Risk in Enterprise Security

A CIO once quipped, "Security isn't hard, compliance is." And in fact many companies focus their security efforts on meeting compliance requirements. But if you are audit compliant, have you in fact addressed all of your risks, or are you just kidding yourself? Is it better to focus on the risks, presuming that doing so will cover you on the compliance side? Network World's Editor in Chief put the question to two practitioners, both of whom come down on the side of risk.