Tuesday, July 5, 2011

Bridging the Gap Between IT and the Business Using IT GRC

Organizations face a complex environment of risk, internally and externally. Geopolitical, financial/treasury, economic, operational, legal, and regulatory environments produce compound risks for organizations to manage. Many organizations are learning that these risks often interrelate to create a much larger risk environment than each independent silo is aware of. What may seem an insignificant IT risk in one area of the…

Tuesday, July 5, 2011

Content Privacy and Security in the WikiLeaks Era: Bridging the Gap Between Policy and Practice

Given the media phenomenon of WikiLeaks alongside widespread coverage of exposure of sensitive corporate information, more and more enterprises are waking up to the risks of unstructured content — both within their organization, such as internal SharePoint sites or other file shares, and on the Web. Most large enterprises today have risk, compliance, and privacy policies in place to govern…

Tuesday, July 5, 2011

Managing Information Risk in the Extended Enterprise

The early stages of a paradigm shift can introduce a period of ignorance that quickly moves to fear, uncertainty, and doubt. Organizations find comfort in the old way of doing things, but must move forward and begin to leverage new approaches to stay competitive. Seamless collaboration with electronic documents is one of those business practices that may completely revolutionize how technology creates value for companies. Thanks…

Thursday, June 23, 2011

Six Critical Elements to Effective PCI DSS Compliance and Beyond

The Payment Card Industry Data Security Standard (PCI DSS), developed by the Payment Card Industry Security Standards Council, which consists of card brands such as Visa, MasterCard, American Express, Discover and JCB, provides payment card data protection requirements for organizations that process card payments. PCI DSS compliance is required of all merchants and service providers that store, process, or transmit…

Thursday, June 23, 2011

The Big Picture of IT GRC

IT departments are scrambling to keep up with multiple initiatives that demand greater oversight of risk and compliance across the IT infrastructure, identities, processes and information. Most organizations approach these issues reactively — putting out IT fires wherever the flames are the hottest. It is time for IT to step back and think strategically; to figure out how to streamline…

Thursday, June 23, 2011

Six Critical Elements to Achieve Economies in NERC CIP Compliance

Utilities are under increasing pressure for accountability from several directions. The calls to manage IT risk and compliance force them to rethink how they approach compliance economically and strategically. An increasingly interconnected world means utilities must consider emissions and global warming concerns, corporate social responsibility, capacity and future sustainability of power, and the protection of critical infrastructure. The…

Thursday, June 23, 2011

Six Critical Elements to Achieve Economies in Healthcare IT Security and Compliance

Healthcare organizations and their business partners are facing compliance trauma from every aspect of the business. All one needs to do is look at the headlines. The attorney general of Connecticut is suing the Connecticut-based arm of a major healthcare provider over a missing external hard drive that contained the medical and financial records of more than 400,000 state enrollees.…

Thursday, June 23, 2011

Six Critical Elements to Achieve FISMA Compliance

For the past eight years, government agencies have struggled to comply with the requirements of the Federal Information Security Management Act of 2002 (FISMA). The goal of FISMA is to control information security as it impacts national security and the economic interests of the United States. Compliance obligates each U.S. federal government agency to “develop, document, and implement an agency-wide…

Thursday, June 23, 2011

Access Management & Segregation of Duties: Solving the Conundrum

Co-authored with BearingPoint

Access management (AM) and segregation of duties (SoD) controls have become increasingly important to executives and corporate managers responsible for preventing fraud, ensuring the security of enterprise information systems, and complying with the Sarbanes-Oxley Act and other regulations. Although AM and SoD controls have always been required, they were often viewed as part of regulatory compliance and, thus, frequently overlooked. This…