Compliance Software » risk management

FISMA capstone document released by NIST — Government Computer News

compliancesoftware — Fri, 17 Dec 2010 00:00:54 +0000

The National Institute of Standards and Technology has released a draft of its guidelines for implementing enterprisewide information risk management. The document defines the underlying principles for implementing the Federal Information Security Management Act. via FISMA capstone document released by …

In 2011 The GRC Market Will Grow 20%, Driven More By Breadth Than Maturity | Forrester Blogs

compliancesoftware — Mon, 13 Dec 2010 01:17:31 +0000

On the heels of Forrester’s GRC Market Overview last month, this week we published my Governance, Risk, And Compliance Predictions: 2011 And Beyond report. Based on our research with GRC vendors, buyers, and users, this paper highlights the aggressive regulatory …

E-crime Now More Common Than Real Crime

compliancesoftware — Thu, 21 Oct 2010 01:14:19 +0000

If there was any doubt about the popularity of electronic dupery, it should be put to rest with a report on global fraud released the week by the risk management consulting firm Kroll. For the first time since 2007, when …

Enterprise risk management: Get started in six steps

compliancesoftware — Wed, 08 Sep 2010 21:17:22 +0000

I propose that ERM is worth doing and doesn’t have to be so complex if you simply “begin with the end in mind,” as Stephen Covey says in The 7 Habits of Highly Successful Security Leaders. Or would have said …

GRC goes into the Cloud – Express Computer

compliancesoftware — Sat, 06 Mar 2010 22:25:53 +0000

eGestalt has announced the availability of SecureGRC, a solution that provides an end-to-end integration of security monitoring with IT-Governance, Risk Management and Compliance (IT-GRC) management solutions using a cloud-based delivery model. via GRC goes into the Cloud – Express Computer.

SEC Approves Enhanced Disclosure About Risk, Compensation and Corporate Governance

compliancesoftware — Sat, 19 Dec 2009 03:33:23 +0000

In particular, the new rules require disclosures in proxy and information statements about: * The relationship of a company’s compensation policies and practices to risk management. via Press Release: SEC Approves Enhanced Disclosure About Risk, Compensation and Corporate Governance; 2009-268; …

ISO 31000 Risk management

compliancesoftware — Thu, 03 Dec 2009 00:41:35 +0000

By now, many of you have read the newly released ISO 31000 Risk management — Principles and guidelines standard. (Others may have seen its release draft or be familiar with its predecessor the AS/NZS 4360 standard.) It provides a well-written, …

ISACA to host IT security conference in Las Vegas |

compliancesoftware — Tue, 28 Jul 2009 12:47:54 +0000

The role of the IT security professional has expanded from securing an enterprise’s information to also managing the associated risk. ISACA has responded by offering the new Information Security and Risk Management Conference, which combines the most timely material from …

Is IT Risk Management Compatible With ERM?

compliancesoftware — Wed, 22 Jul 2009 18:02:27 +0000

But in spite of these warnings, my conversations with enterprise risk and IT risk professionals still reveal many disconnects, including that IT risks are not measured consistently with other enterprise risks. In addition, many IT risk professionals do not see …

PCI DSS Incident Response: The Legal Perspective #PCI

compliancesoftware — Thu, 09 Jul 2009 12:00:38 +0000

The SANS Institute InfoSec Reading Room recently published an article by Christian J. Moldes entitled PCI DSS and Incident Handling: What is required before, during and after an incident. Moldes’ whitepaper is a good starting point for developing an incident …