Auditing, testing and assessment for compliance, Bank Secrecy Act compliance, Basel II regulatory compliance and requirements, Compliance best practices, Electronic data discovery compliance, FACTA law requirements, FFIEC compliance guidelines, GLBA compliance requirements, HIPAA: Laws and guidelines, PCI DSS: Audits and requirements, Risk frameworks, metrics and strategy, SEC and FDIC regulations, SOX financial reporting compliance, State data security breach laws
Data governance best practices, IT disaster recovery planning and management, Risk assessment and management, Threat prevention, Risk management frameworks, metrics and strategy
Business partner and vendor security issues, Debit and credit card fraud prevention, Financial transaction protocols and security, Logical and physical security convergence
Corporate network security, ID management and access control, Online, Web and application security, Secure communications
Definition
Governance, Risk and Compliance (GRC) is a combined area of focus within an organization that developed because of interdependencies between the three components. GRC software products, available from a number of vendors, typically facilitate compliance with legal requirements, such as those specified in the Sarbanes-Oxley Act (SOX) or occupational health and safety regulations.
Learn more about governance, risk and compliance at SearchCompliance.com
Microsoft plans to fix coding errors in Internet Explorer, .NET Silverlight and Microsoft Office.
This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy.
Sourcefire CTO Marty Roesch introduced cloud-based analysis for threat intelligence gathering. Network security monitoring platforms like RSA NetWitness may be headed in a similar direction.
Deciding whether your cloud provider is a business associate comes down to a judgment call based on the type of cloud usage.
A look at SaaS encryption techniques and challenges.
Problems with data governance in the cloud aren’t much different than traditional outsourcing.
VARs expect customers to increase spending on security more than any other IT area in 2012. See which security segments will grow the most.
Blogging can produce new leads for security solution providers. Focus on content in your computer security blog that connects with customers.
This penetration testing tutorial contains essential tips to help solution providers uncover vulnerabilities in clients’ networks.
A study finds attackers targeting firms with poor patch management policies, exploiting vulnerabilities that should have been patched years ago.
New DDoS statistics suggest hactivist groups are to blame for an increase in the number and types of DDoS attacks across the Internet.
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks.
Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.
Data quality remains a top challenge for business intelligence. For CIOs, this should be the question: What's good enough for the task at hand?
The 2012 Gartner CIO Leadership Forum will focus on how CIOs can drive the innovation process and how they and IT can transform the business.
Most organizations sit on a gold mine of business intelligence. Extracting it requires knowing how analytics projects differ from day-to-day IT work.