GRC Roll-up: The Mistakes and Rewards of IT Security Compliance
This week the GRC Roll-Up tackles IT security compliance, both the mistakes to avoid and the rewards it can reap. There's also some HIPAA thrown in for good measure.
Mistakes of IT Security Compliance
Anyone who works within the realm of IT GRC knows that ambiguities abound. Most regulatory requirements can be approached with a bias and may allow for multiple interpretations. Qualys, a provider of on-demand IT security risk and compliance management solutions, recently published a guide, Avoiding 7 Common Mistakes of IT Security Compliance, which lays out the seven typical mistakes of IT security compliance and the ways organizations can learn to achieve their compliance goals.
What is on the list isn’t necessarily surprising or shocking, but it does reiterate points that all organizations know they should avoid. The seven mistakes outlined include:
- Decentralized Policy Management
- Failure to Define Compliance
- Tactical Instead of Strategic Response
- No Pre-implementation Testing
- Treating the Audit as a Nuisance
- Lack of Team Buy-in
- Ignoring Hidden Costs of the Solution
While Qualys provides reasons as to why each of these is a mistake, most of us already know. Taken individually, companies may think that it’s okay to sacrifice an audit here or costs there, but taken together, these seven mistakes can amount to a heap of trouble.
Rewards of IT Security Compliance
If you can avoid the mistakes outlined above, IT GRC can yield rewards. A new study suggests that companies that have been working to achieve top performance in enterprise risk management (ERM) and information technology governance, risk management and compliance (IT GRC) have reduced associated operating costs by 6.4%. IT Security: Balancing Enterprise Risk and Reward, published by Aberdeen Group, describes how Best-in-Class companies manage their IT Security investments to balance enterprise risk and reward and found that the top performers:
- eliminated 10% of redundant risk management processes and activities
- increased the resources available to work on the organization's strategic, "rewarded risk" initiatives
The totals saved add up to the cost of a half-day of additional productivity per week for every associated full-time equivalent resource. Yet, the process for managing risk is still not perfect — a majority of all risk management initiatives are still intensely manual, despite the fact that other top performers were four times more likely than all others to have invested in centralized, automated systems for GRC.
Ultimately the study confirms what we already know — ERM and IT GRC frameworks and technologies are invaluable tools, which can help businesses manage risk and be compliant.
2010 Compliance Conference Tackles Healthcare Billing and Management
Recently we’ve covered HIPAA/RMS, a new web-based 24/7 compliance platform built to meet HIPAA and HITECH Act compliance specifications and safeguard their policies and procedures. Compliance with these policies is not only required, but can help businesses oversee their operations efficiently and ethically.
To help companies better understand policy’s impact and the tools available to help meet compliance, the Healthcare Billing & Management Association (HBMA) hosts the 2010 Compliance Conference. Scheduled for March 9-11, in Alexandria, VA, HBMA’s Compliance Conference hopes to help participants gain a deeper understanding of many issues relating to compliance within the healthcare billing industry.
Participants can expect many lively discussions about critical compliance areas, such as:
- HIPAA, HITECH and other federal regulations
- Billing company policies and procedures
- Effective monitoring and auditing
- Coding education and training
- Risk assessments
- Billing contracts and negotiation
To learn more or register for the HBMA 2010 Compliance Conference, visit HBMA’s event page.