Engineers don’t have time to translate their workloads into “audit speak”. Auditors can’t provide...

We just got our daily update from JDSupra (still LOVE THEM!) titled "California's Shine the Light...

Here's the vocabulary you need to navigate any security publication.  Sitting on the train?  Do a...

While 15% of EU citizens report not trusting businesses with their information, they also lack the...

How old is your facebook picture? (No, don't tell me, I don't care.)  How much of our privacy...

EU Data Protection Authorities Approve Google’s Cloud Commitments for International Data...

Effective April 15th 2017, AICPA's New Cybersecurity Risk Management Examination Report

Why, in an evolved society, would we need a policy that prohibited employees from making...

I like this privacy policy.  

 Keith Lipman, Esq. is an outstanding writer and contributor at JDSupra

Place holder for summary of GRC tools and platforms Place holder for summary of GRC tools and...

Question: Is Green Less or More? Climate Change isn't the only reason to care about GREEN...

History of controls harmonization is really the history of managing conversations about risk. Cyber...

  You need to unblock cookies to view a YouTube video. We find it powerful and timely.  If you prefer...

An Inconvenient Truth for Women

ISO/IEC 27001:2005 - now ISO/IEC 27002:2013

ITAF Information Technology Assurance Framework

Do you know your a.s.s from your t.l.a?

Here are some laws that come up frequently in technology conversation and are also most often...

Hear John Carlin, chair of the global risk and crisis management practice at Morrison & Foerster and...

Privacy by Design, presented by Marc Vael, President ISACA Belgium 

Making Process Real, a seminar in preparing to meet new regulations for controls as proposed by...

Me Tarzan, You Jane is my way of reminding everyone that we can't get far without some common...

In order to propose controls that would implement the requirements of the GDPR in UK governed...

National Vulnerability Database

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) –...

New York State Department of Financial Services (DFS)  first-in-the-nation cybersecurity regulation to...

NIST Cloud Computing Reference Model SP 500-292

The Security Content Automation Protocol - SCAP

AICPA Service Organization Control Reports - SOC 2

What Are the 13 Requirements for PCI DSS 3.2 2016 Compliance? Navigating PCI DSS: Understanding the...

Security and Privacy Issues and Precautions There are Six Steps to Achieving PCI Compliance, seven if...

 Risks in Life Logging - ENISA, because Europe saw it coming

Did you know you can export a visio html map of your UML (Unified Model Language)...

Did you know you can export a visio html map of your UML (Unified Model Language) diagram?

HIPAA – HITECH, Aligning Secure Host Baselines According to Common Security Framework CSF

[Although this thread is out of date - has some historical value for anyone researching bogus SEO...

Did you know you can export a visio html map of your UML (Unified Model Language) diagram?

"The conference went well, I think, is all I can say for sure."  In spite of actual applause, a...

Themes of discussion on EnterpriseGRC Solutions - Governance Risk and Compliance, Maturity vs....

Today We Work Out of respect to those who waitFor the privilege of perceived usefulnessWe...

The New Auditing Paradigm - IAM and SOX Controls Automation Workday Rising presentation showed an...

It is not just a game By Barbara Davi

Can you translate your product or industry to the most current regulatory requirements?  Can you...

A fight is going on inside me," he said to the boy. "It is a terrible fight and it is between two...

My mother sighed a lot. She pulled on high heeled boots and a big furry hat like the one singers and...

Tools approach to automating ISO27002 ISMS Policy aligned continuous monitoring