In today’s unpredictable business environment, it’s more important than ever that your organization is protected against cybercrime. One of the best ways to ensure that your data is safe is to enforce identity and access management (IAM) — a method for defining the roles and privileges of individual users within your network.

The PCAOB published fresh guidance last week about how auditors should handle evidence supplied by others to help the auditor assess financial statements, important performance or valuation metrics, and, well, all the other stuff that can go into an audit report these days.

Companies around the world have experienced tremendous changes. For publicly traded companies, those changes can bring new considerations into the frame for your Sarbanes-Oxley risk assessment. Shifts in strategy plans and a new remote, paperless way of operations could require major updates in your SOX compliance program. In this post we’ll discuss Sarbanes-Oxley in detail and outline a step-by-step method to perform the SOX risk assessment effectively.

When developing business continuity plans, businesses should understand that they actually need two documents: an incident response plan and a disaster recovery plan. Having an incident response plan means your organization is prepared for possible information security incidents such as a data breach, a system outage, or a security breach.

In today’s complex regulatory environment, organizations need to maintain compliance with numerous regulations. Two important cybersecurity-related compliance standards in the United States are the Federal Risk and Authorization Management Program (FedRAMP) and the Federal Information Security Management Act (FISMA). Although these two regulations do have similarities, they have several notable differences as well. This post will explore where FedRAMP and FISMA do, and don’t, overlap.

Every day healthcare providers must undertake the nerve-racking task of complying with an increasing number of healthcare regulations. According to one report, the healthcare industry spends nearly $39 billion every year on the administrative burdens of regulatory compliance. Today healthcare organizations must comply with more than 600 regulatory requirements.

Information security used to revolve around securing the locations where sensitive data was stored. Now, with the rise of cloud computing, data can be stored and transferred in an infinite number of ways — making it nearly impossible to protect against data breaches for every single device. The best solution for modern times, then, is a data-centric security model.

At its core, risk management is about identifying risks and guarding against them. It gives organizations a plan of action to determine which risks are worth taking and which aren’t, to assure better outcomes for their bottom lines. In this post we’ll outline the five steps of risk management, which you can use to protect your company against the uncertainties of doing business.

Security in cloud computing is often a major concern among cloud customers, mainly because of the risk of losing sensitive data and the difficulties of enforcing the organization’s security policies. Despite cloud computing’s potential efficiency for storing and exchanging files, cloud security remains questionable. According to one report from Statista, 81 percent of respondents found security to be the most prevalent challenge in cloud computing today.

Outsourcing is a critical part of business management and an important ingredient in business growth. One business outsources some task to another — but that second firm can also delegate some of its own business processes to yet another company. That last company then becomes a fourth-party to the first. As the role of fourth-party vendors expands, having a vendor risk management strategy in place becomes key to organizational success.