CIO.com - Compliance

Tech Leaders Call for Global Harmony on Privacy, Security

Fri, 27 Jan 2012 05:00:00 GMT

In the borderless digital world, tech and finance companies can get tangled up in a web of laws and regulations on privacy and data security.

How Open Source Licenses Affect Your Business and Your Developers

Tue, 24 Jan 2012 05:00:00 GMT

Copyleft licenses have been the most popular choice for new open source projects. Recently, however, developers and companies seem to be moving from the GPL in favor of less restrictive permissive licenses for open source projects. What's behind the trend and how does it impact your business?

Android Developers Face Legal Hurdles in License Compliance

Thu, 18 Aug 2011 04:00:00 GMT

Developers who make apps for Android have a lot more to worry about than just building great software.

Visa to Make it Easier for Merchants to Adopt Chip-Based Card Payments

Tue, 09 Aug 2011 04:00:00 GMT

Visa today announced plans that will let qualifying merchants in the U.S. eliminate the need to annually validate their compliance with the Payment Card Industry (PCI) data security standard.

Cloud Computing: 4 Tips for Regulatory Compliance

Mon, 08 Aug 2011 04:00:00 GMT

Cloud computing makes it harder for enterprises to be sure they're complying with industry and government regulations. IT and legal experts offer CIOs advice on how to stay in compliance even when their applications reside in the cloud.

Apple Gets Serious About iPad Security, Is It Enough?

Wed, 03 Aug 2011 04:00:00 GMT

Can you send encrypted email from your iPad? Not yet. As iPads pour into the enterprise, CIOs hope Apple can help solve this and other security problems.

Oracle Overtime Case Spells Trouble for California Tech Companies

Mon, 11 Jul 2011 04:00:00 GMT

California's Supreme Court recently ruled against Oracle in an overtime case that may have far-reaching implications for employees and employers across the U.S., especially other California-based tech companies.

What Recession? Sarbox Compliance Appears Unhurt By Pressure

Tue, 21 Jun 2011 04:00:00 GMT

The recession's many corporate pressures didn't have any impact on the Sarbanes-Oxley compliance work of finance and audit executives, according to research by the internal audit and consulting firm Protiviti.

Enterprises Get New Guidance on PCI Compliance in Virtual Environments

Wed, 15 Jun 2011 04:00:00 GMT

Enterprises got some much needed clarification on the implementation of PCI requirements in virtualized environments on Tuesday.

Putting a Finger on Compliance Control

Mon, 13 Jun 2011 04:00:00 GMT

Last year, administrators in the City of Winter Park, Fla., realized they had a serious compliance risk in their police department. The FBI's Criminal Justice Information Services Division has regulations that call for tight access controls for records. However, many officers share workstations and, therefore, also share passwords. The solution, they realized, was to deploy fingerprint scanners that would enable individual authentication.

Damn the Silos, if They Harm Data Security

Wed, 25 May 2011 04:00:00 GMT

The more I cover compliance -- which is a lot these days -- the more I realize that organizations still have work to do in discovering and protecting sensitive data. I actually think the problem is a simple one, and it follows that old adage: "Too many cooks spoil the broth."

Offshoring: 7 Tips To Prepare for India's Proposed Privacy Rules

Fri, 13 May 2011 04:00:00 GMT

India's proposed data privacy regulations could create serious logistical problems for offshoring customers if passed. Offshore outsourcing attorneys and analysts explain how the data protection rules will impact customers.

Making the ROI Case for GRC Platforms

Thu, 05 May 2011 04:00:00 GMT

As the governance, risk, and compliance market matures, product vendors and potential buyers alike are struggling to make the case for GRC implementations--whether it's being able to point to credible return on investment figures, or building a business case to justify the expense of a software platform. This is certainly not due to a lack of value, but rather a lack of parameters to work with when defining essential elements relating to cost, benefit, flexibility, and risk. When possible, the GRC proposition should be driven by a vision of better governance and performance, but when pressed for more specific justification, the following factors will help provide specific supporting evidence to make the case:

What Do Security Auditors Really Think?

Tue, 15 Mar 2011 04:00:00 GMT

What do auditors involved in making sure companies meet compliance requirements really think? For starters, companies don't care much about privacy and security, while encryption gets applied at a minimum to meet rules, according to a study of 505 security auditors by Ponemon Institute.

Survey on PCI: How it's Impacting Network Security

Wed, 12 Jan 2011 05:00:00 GMT

A survey of 500 information technology professionals with responsibility to assure compliance with the Payment Card Industry (PCI) security standard shows just over half find it "burdensome but necessary" in their organizations and about a third see it impacting their virtualized network environments in particular in the future.