Regulatory compliance
News, blogs, analysis, tips, discussion and how-to about regulatory compliance.
Medical Firm Avoids Exchange Nightmare with Outside Help
Grading the Tech Policy Makers: A First Quarter Recap
Tue, April 17, 2012 - It's been a busy 2012 on the Hill. As legislators and policymakers grapple with an array of issues central to the policy agendas of companies in the technology industry, CIO.com takes stock of how Washington has moved on intellectual property, cybersecurity, privacy and spectrum in the first quarter of 2012.
ISACA Refreshes Best Practices for IT Shops
Mon, April 16, 2012 - Enterprise IT departments can look to the new COBIT 5 framework for governance and management best practices, according to ISACA, a global nonprofit IT industry group.
BYOD Myths: Cost Savings, Productivity Gains, Less Headaches
Wed, April 11, 2012 - Mobi Wireless Management's Brandon Hampton advises Fortune 100 companies transitioning from corporate-owned devices to bring-your-own devices, or BYOD — and in this Q&A with CIO.com you'll be surprised at what he tells them.
IT Must Change Security Strategies to Keep Up With Cybercriminals
Mon, April 02, 2012 - Businesses may have scaled back their security and risk management investments during the economic downturn, but cybercriminals continued to invest. In the coming years, criminal organizations will grow even more sophisticated. To be prepared for what's coming, organizations must adjust their approach to security now.
Is Application Security the Glaring Hole in Your Defense?
Fri, March 23, 2012 - Organizations on average spend one-tenth as much on application security as they do on network security, even though SQL injection attacks are the highest root cause of data breaches. Experts say educating developers in writing secure code is the answer.
Developers Say Application Security Lacking
Tue, March 20, 2012 - Are enterprise applications really secure? It depends on whom you ask.
5 Signs That You've Lost Control Over Your Cloud Apps
Mon, March 12, 2012 - CIOs are waking up to the reality that they've lost control over access to data stored in software-as-a-service applications purchased by other departments.
IETF Explores New Working Group on Identity Management in the Cloud
Fri, March 09, 2012 - Proponents of a common scheme for managing user identity in cloud-based applications will pitch their idea to the Internet's premier standards-setting body at a meeting in Paris later this month.
Inadequate SSL Certificate Data Threatens IT Security
Fri, February 24, 2012 - SSL certificates are a fundamental component of secure online transactions, but a new survey finds that a majority of organizations don't know where or how many certificates they actually have, and nearly as many lack an accurate idea of which certificates are about to expire. Venafi CEO Jeff Hudson says this increases organizations' operational, security and audit and compliance risk.
Check Point Buys Compliance Technology Vendor Dynasec
Mon, October 31, 2011 - Check Point Software is buying governance, risk management and compliance vendor Dynasec Ltd., which will add software that can help businesses comply with government regulations such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA).
Feds Want Uber Cybersecurity Compliance Standard
Thu, October 06, 2011 - Tired of regulators from three or four federal agencies auditing your network security compliance every year? A congressional task force recommends a super-standard that would cut the number of annual audits back to just one.
Keeping Up with PCI Hasn't Improved Much: Verizon
Wed, September 28, 2011 - Businesses aren't getting much better at meeting payment card industry (PCI) standards year-to-year, perhaps because they get cocky about passing one year and figure they will breeze through the next, according to a study by Verizon PCI and Risk Intelligence teams.
Data-Breach Insurance Caters to Small Businesses
Wed, September 21, 2011 - With the proliferation of data breaches, The Hartford insurance company is selling a new data loss insurance aimed at small businesses that might be put at financial risk if they lose valuable and sensitive data.
Warning: HIPAA has Teeth and Will Bite Over Healthcare Privacy Blunders
Fri, September 09, 2011 - Health care organizations that are performing risk assessments as a way to craft patient-privacy policies might want to consider a new potential attack vector: federal regulators.


