HOT TOPICS: Customer Experience Marketing Automation Social Business SharePoint 2013 Document Management Big Data Mobile DAM

Grc News & Analysis

Customers Aren't Worried About Data Breaches [Infographic]

2014-20-November-yawn.jpgHere's good news for every company that's careless with personally identifiable information: Your customers apparently don't care.

A new study by global IT association ISACA shows that consumers haven’t changed their shopping behaviors despite a year of retail data breaches — worrisome, the organization maintains, especially with the shopaholic trifecta of Thanksgiving Day, Black Friday and Cyber Monday is just a week away.

It's not that consumers are unaware of the problem. According to the 2014 ISACA IT Risk/Reward Barometer, almost all US consumers (94 percent) have read or heard about major retailer data breaches in the past year. But while three-fourths of those surveyed claim those data breaches have increased their concerns about their personal data privacy, few are doing anything about it.

Few Organizations Have Strong Internal Search Capabilities

Why is it so easy to find virtually any information you need with a quick search online and so difficult to find what you need on internal networks? According to a new study (registration required), the problem is pervasive. 

The study, conduced by AIIM — the Association for Information and Image Management — found three out of four information professionals think it is easier to find information outside of their organizations than within. And 25 percent acknowledged their organizations lack advanced or dedicated search tools.

And that’s not all. More than 50 percent of the 415 information professionals polled describe their legal discovery procedures as “ad hoc, manual, disruptive and expensive,” said study author Doug Miles, head of the AIIM Market Intelligence Division.

“These people, and particularly the 28 percent who have no policy or process for legal discovery, could find themselves hit with litigation, or a compliance investigation at any time, and they would be in chaos — very expensive chaos!” he said.

When Your Organization's Reputation is at Risk

An organization’s reputation is critical to their success (in almost every case). A smart CEO and her board pay attention to the organization’s reputation and take care to nurture, protect and grow it.

A new survey by Deloitte reinforces that obvious truth and states one other truth that should be obvious to us all: “reputation risk is driven by other business risks.”

Office 365 Promises Greater Data Security, Theft Protection

2014-23-October-theft-of-finances.jpg

Despite the progress Microsoft is making with Office 365, its claim to universality won't stand up until it gains traction with government and public bodies. Microsoft obviously understands this.

While Microsoft the company has given Office 365 for private enterprises a lot of love in the past few months, it hasn’t been neglecting the public sector either. And that makes the thorny issue of regulatory compliance even more critical.

Regulatory compliance is important for the private sector, but it is essential for public agencies. As a result, Microsoft is introducing IRS 1075 compliance to Office 365. The goal here is to prevent anyone from walking away with personal financial information, especially tax related data.

Security Today: Dynamic Access, Permissions, Encryption

2014-22-October-Security.jpgContent security is top of mind these days. Every week brings news of yet another data breach, with companies large and small making the news for all the wrong reasons.

Many of these breaches occurred because of a failure to maintain base level security or enterprise data. Although structured databases are a treasure trove of sensitive information, most database systems offer many layers of protection with the advantage that the database itself remains, usually on IT-managed infrastructure.

Security controls are potentially more critical for unstructured content -- because file-based information is insanely portable and moveable with modern devices and always-on connections. It’s important to consider content security in light of the more recent history of enterprise security. For a long time, security has been defined by borders and boxes.

Why Risk Management Technology Projects Fail

Too many organizations buy risk management solutions for today, without thinking of their needs for the future.

Michael Rasmussen works with a number of companies that sell solutions for risk management (these days typically packaged with other “stuff” and mislabeled GRC solutions) and helps buyers of those solutions, as well as participating in related conferences and seminars.

And though he has never run a risk management function, his views merit attention.

Quantifying the Value of Your Data

Whether it’s the amount of risk in a particular decision or the reason for a problem that impacts the bottom line, the unknown is a scary concept. As businesses continue to generate vast amounts of data, the business value of this information is palpable. However, determining whether or not this data has any economic value is difficult. Armed with advanced tools that produce incredibly huge amounts of data, storage, retrieval and analysis, businesses have taken on a new method to minimize this unknown.

The Key to Security is Subtlety

2014-23-September-Megaphone.jpgPeople are similar when you dig deep: they want to get thing done and move on to the next thing. Even procrastinators get great work done when faced with having to get an even larger task accomplished.

Most people also share a degree of stubbornness. People are happy to do things your way if they see the benefit, but anything that's perceived as getting in the way is quickly worked around. When you try and force something, they will dig in their feet on sheer principle. It's amazing how hard people will work around things that they view as unnecessary change.

For organizations rolling out new systems, this is a problem.

Hoarders Anonymous for Unstructured Data

2014-19-September-Pez-Collection.jpgDo you have a storage area where you keep items you rarely or never use? Do you periodically sort out your stuff, or do you keep collecting items of debatable value? It’s human nature to hold onto things we never use for extended periods of time -- it's like the junk drawer everybody has somewhere in their house that holds a collection of random items we think are important, but we usually use the same few items every time we open the drawer.

It’s called a “JUNK drawer” for a reason -- because it’s mostly junk, and most of it should be tossed in the trash. So why do we keep these items of questionable value or use?

My Tolerance for Risk Appetite Is Fading

Making people believe they have effective risk management because they discuss a point-in-time list of so-called “top risks” and set limits for those few risks is making them believe in fairies.

It is setting them up to be surprised and for a failure to deliver success.

What Continuous Compliance Success Looks Like

2014-17-July-King-World.jpgThere is no specific, prescriptive path to guarantee your business will be covered for every eventuality and incident it may encounter. But by following three steps, you can get you -- and your organization -- in a proactive compliance and security mindset.

The Link Between E-Discovery and Information Governance

The difference between e-discovery and information governance is the difference between reactive and proactive.

When documents shifted to digital format, companies needed a solution to help find and identify the electronically stored information necessary for legal procedures. Enter e-discovery.

E-discovery allows companies to identify information assets, which enables them to establish governance policies. These policies include proper retention controls, storage hierarchy migration criteria, metadata capture, security, privacy and access rights and more. The discovery and inventory of information assets is a necessary part of an overall information governance strategy.

Microsoft Tightens Email Security

2014-01-July-Security.jpg

Edward Snowden has done more for electronic security than anyone else. Singlehandedly, he has forced some of the biggest IT vendors to take a close look at data, data transfer, and how it is stored.

This follows the revelation that security agencies across the world were systematically scanning emails.

In response, Google has made much of its email encryption practices and its efforts to secure the contents of the email itself.

Last night, Microsoft, in turn announced that it has upgraded its encryption standards across all its networks.

These Trends are Driving Structured Data Archiving

The growing use of Apache Hadoop, increasing data warehouse volume sizes and the accumulation of legacy systems in organizations are all factors fostering structured data growth. To manage it, organizations are being forced to look at data archiving and how to get non essential data out of mainstream enterprise applications.

The findings appear in Gartner’s first Magic Quadrant for Structured Data Archiving. This is the first time that Gartner has produced such a Magic Quadrant, which features 13 vendors in total including the four leaders.

While many enterprises are yet to embrace data migration and archiving, Gartner estimates that migration will represent about 20 percent of all information governance projects. To help enterprises do this, four vendors have emerged as the leaders in the archiving space: HP, IBM, Informatics, and Solix.

In this article, we will explore this quadrant and take a look at emerging trends and the market in general. In a second article, we'll take a deeper look at the leaders and what they are offering. 

 

Communication Is Key to Continuous Compliance

Compliance is no longer a monthly, or even weekly, task -- it’s something that needs constant evaluation and adjustment. Sources change and applicability of control over data should be under consistent review -- that’s the age of continuous compliance we live in today. One requirement of continuous compliance is ongoing, effective and intelligent communication. There are some ways to help improve communication and ensure your compliance and security teams get the best, most relevant and timely information to keep you secure and compliant -- and remain that way.

Displaying 1-15 of 333 results

< Previous 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Next >