Generating data for test and development environments presents serious challenges for enterprise security and risk management. When data is copied from production databases and used directly for test/development, large volumes of private data accumulate on unprotected servers and workstations. The use of outsourced and offshore QA and development services further increases the risks. An alarming number of data breaches, along with complex regulatory compliance requirements, highlight the need to de-identify sensitive data when moving from production to test, development, and training environments.

GRC, by definition, involves bringing together governance, risk and compliance disciplines from across an increasingly complex, extended enterprise with deep interlocks to customer and supplier eco-systems. While it's not realistic to expect organizations to converge on a common set of GRC processes across this complex landscape, there is huge value in taking a federated approach to GRC that leverages the common risk elements from each business unit, IT and security teams, and management of third parties.

SEC Cyber Risk Guidance Overview and SEC Cyber Risk Disclosure Issues.

What to do: Be curious, ask questions about how risk is measured, educate yourself and your teams, and reflect back to your stakeholders on how IT components figure into the risk equation.

For many CIOs and IT managers, the benefits of moving to the cloud—increased efficiency, reduced cost, excellent scalability, pay-as-you-go pricing, the latest technology without the capital expense—are offset by concerns about security and service quality.

Prime Factors spoke with some of the best minds in data security to get their take on what kinds of data encryption management problems customers run into. They identified several common threats to key management and secure data access which they see over and over again, That advice is condensed and organized here for professionals responsible for effectively protecting sensitive data in their enterprises.

PINs (Personal Identification Numbers) are those ubiquitous numbers we all know. They are used to authenticate cardholders, protecting personal accounts and issuers from fraudulent activities. The technology used in the creation, use, and management of PINs can be overwhelming and confusing.