Welcome to PCI Compliance For Dummies! Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) is mandatory if your company stores, processes, or transmits payment cardholder data. This book is all about understanding PCI and how merchants can comply with its requirements.
For all organizations with current or planned initiatives in the area of IT governance, risk management, and compliance (IT GRC), this report describes the policy, planning, process, and organizational elements of successful implementations.
The collaborative benefits of Web 2.0 technologies have fueled rapid growth in online consumer markets and now are being adopted by businesses worldwide. With these technologies come new types of attack vectors.
Litigation always has been, and will continue to be, a reality of doing business. What is changing, however, is discovery and its focus on electronically stored information (often abbreviated ESI).
Once an organization has become litigation ready by creating an ESI survey data map, implementing a records retention and deletion process, and establishing a litigation hold process, additional steps can be taken to further prepare for legal actions.
Healthcare organizations face a host of HIPAA Security Rule compliance challenges with the move to put patient medical records online.
- An Osterman Research white paper, sponsored by MX Logic
Security costs are large & growing, with technical countermeasures dominated by on-premise licensed solutions. Companies wrestling with providing stronger security and meeting compliance requirements are seeking more efficient ways to provide security.
This whitepaper will examine PCI DSS and explain how Lumension® Compliance and IT Risk Management can help organizations reduce the cost of addressing compliance by streamlining and automating the IT audit process, unifying control and compliance frameworks, automating assessment and remediation processes, and enabling continuous monitoring of their compliance and IT risk management posture.
Organizations today are finding themselves under increasing pressure, both legal and regulatory, to properly retain or delete documents. While policies and procedures for paper records may seem adequate, many companies find it difficult to translate those policies and requirements to electronically stored information (ESI) such as e-mail messages and electronic document files.
Although data privacy and identity theft have a higher profile in the minds of consumers, data retention issues can have a far greater financial impact on businesses. Every company, whether public or private, large or small, must have a policy and enforcement system to deal with the messages and files generated by the organization every day.
The general compliance deadline for 201 CMR 17 was initially set for January 1, 2009, but it has been pushed to January 1, 2010 in response to concerns from a variety of businesses large and small, industry organizations and other affected organizations.
The North American Electric Reliability Corporation (NERC) is a non-profit corporation chartered to ensure that the bulk electric system in North America is reliable, adequate and secure.
Taxes are certainly not fun, but there is something worse: an audit. Combine the two in a risk and compliance scenario and you have the onerous "audit tax," a figurative term used to describe the expenses a company incurs when deploying resources and manpower to satisfy the burgeoning set of internal and external compliance and audit mandates.
This handbook provides information that you will need to register for the SCCE Certified Compliance & Ethics Professional (CCEP) Examination, including eligibility requirements, examination policies, an examination content outline, and an examination application.