Compliance-related resources to help firms comply with Sarbanes-Oxley (Sarbox), the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB), and other government mandates.
Tue, April 30, 2013 - Today's complex IT environments make maintaining 'always on' availability more challenging than ever before, even as IT has become central to most business operations. IDC's David Tapper says organizations must adopt a plan for achieving operational resiliency.
Mon, April 22, 2013 - A CIO once quipped, "Security isn't hard, compliance is." And in fact many companies focus their security efforts on meeting compliance requirements. But if you are audit compliant, have you in fact addressed all of your risks, or are you just kidding yourself? Is it better to focus on the risks presuming that doing so will cover you off on the compliance side? Network World Editor in Chief put the question to two practitioners, both of whom come down on the side of risk.
Mon, March 25, 2013 - From phishing your own employees to sharing your company's hack history, these techniques can help you get -- and keep -- users' attention about security.
Thu, March 14, 2013 - For a variety of reasons, some businesses are looking to downgrade from Windows 8 to Windows 7. The good news is that Microsoft's business licenses come with downgrade rights, but the catch is that the rules can be tricky and compliance could become an issue. Here are some clarifications on your rights when downgrading from Windows 8 or standardizing on noncurrent Microsoft software.
Fri, March 01, 2013 - Companies with IT security strategies that focus mostly on complying with key standards are dangerously unprepared for emerging cyber threats, said security experts at the RSA Conference 2013 here this week.
Fri, February 08, 2013 - More than half of employees who left or lost their jobs in the past 12 months took confidential corporate data with them and most plan to use it in their new jobs, creating the potential for IP contamination. How can you protect your IP?
Thu, February 07, 2013 - A new set of guidelines from the PCI Security Standards Council is intended to help merchants and cloud services providers comply with the PCI DSS when handling payment card data on the web.
Tue, January 29, 2013 - Startup Convercent officially debuted today with a software-as-a-service (SaaS) offering that lets employers make available to employees in electronic form, via computer or mobile device, the workplace ethics and compliance terms the business supports.
Tue, January 15, 2013 - EMC is building on its acquisition of the Syncplicity file-sharing and collaboration service by combining it with its Isilon scale-out NAS to provide the enterprise what the storage giant claims provides the convenience of a cloud-based file-sharing service with the administrative and governance capabilities of an on-premise solution.
Fri, December 07, 2012 - As revenue for new software licenses is down, software vendors are focusing more on licensing audits to recover some of that lost income. Here's a look at some of the steps a corporate IT organization can take before the auditors arrive to maintain compliance and limit potential damage.
Tue, November 13, 2012 - Studies show that employees are engaging in rogue use of the cloud, even when IT organizations say they have clear formal cloud policies and penalties for violation of the policies.
Tue, October 16, 2012 - If your IT security team must comply with regulations like PCI-DSS or HIPAA, you need to know who accesses your data and what they do with it, even if they're using a mobile device to do it. But performing forensic investigations on mobile devices is trickier than it is on PCs.
Thu, August 23, 2012 - Dell on Thursday said it will offer dedicated servers in its data centers and off-premises application and storage services for companies looking to establish private clouds.
Wed, August 15, 2012 - Your sensitive data is only as secure as the weakest link in your organization, and in many cases the weak link is your employees. A properly established security awareness and training program can pay huge dividends.