Access "Demystifying governance, risk and compliance"
This article is part of the June 2010 issue of Finding affordable encryption options for laptop data security
Due to the stunning increase in the amount of regulatory and industry requirements over the past decade, a methodology commonly referred to as governance, risk and compliance (GRC) emerged. The most basic definition of the GRC methodology is that it harmonizes efforts across previously detached disciplines that existed in their own silos within an organization. Historically, compliance was a function of audit, risk management -- if it was performed at all-- was a function of management, and governance generally didn't exist as a discipline outside of Wall Street and the banking industry until Sarbanes-Oxley (SOX) made it a requirement for publicly traded companies. However, with the emergence of the Payment Card Industry Data Security Standard, the maturation of SOX and the increased scrutiny being brought to bear by industry-specific regulations such as Gramm-Leach Bliley (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA), it's become impossible for organizations to avoid addressing each of these disciplines. And the amount of effort... Access >>>
Premium Content for Free.
Cloud computing risks and how to manage them
by Tim Mather
Cloud computing alters enterprise risk. Here's what you need to know in order to safely navigate the cloud.
Use full disk or file/folder encryption for laptop data security
by Dave Shackleford
Learn about the options for protecting laptop data, including full disk encryption and file/folder encryption, and their associated deployment and management challenges.
- Cloud computing risks and how to manage them by Tim Mather
Symantec acquisitions cement encryption-as-a-feature
Symantec acquisitions of PGP and Guardian Edge future ensures that encryption is becoming less of a standalone security tool.
Demystifying governance, risk and compliance
by David Schneier
GRC aims to bring together disparate compliance efforts in the enterprise, but the concept has been stymied by a lack of clarity. Developing a GRC program requires three key steps.
- Symantec acquisitions cement encryption-as-a-feature
Don't keep quiet after a data security breach
by Kim Getgen and Kimberly Kiefer Peretti
Organizations who stay silent after a data security breach end up paying a higher price and helping cybercriminals.
Weighing the risk of hiring hackers
Bruce Schneier and Marcus Ranum debate the risks associated with hiring hackers.
Information security spending shouldn't be driven by compliance
If you're spending more to protect custodial data because of compliance than you are to protect company secrets, you're missing the big picture.
- Don't keep quiet after a data security breach by Kim Getgen and Kimberly Kiefer Peretti
More Premium Content Accessible For Free
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...