Accountability vs. Compliance in the Cloud

Engineers don’t have time to translate their workloads into “audit speak”. Auditors can’t provide...

Read More...

Are we ready to be a society in the cloud?

We just got our daily update from JDSupra (still LOVE THEM!) titled "California's Shine the Light...

Read More...

CISSP Study Glossary

Here's the vocabulary you need to navigate any security publication. Sitting on the train? Do a...

Read More...

Data Centric Security and EU Global Data Protection Rule GDPR

While 15% of EU citizens report not trusting businesses with their information, they also lack the...

Read More...

Data in the Cloud - Explicit consent, Right of portability, Right to be forgotten

How old is your Facebook picture? (No, don't tell me, I don't care.) How much of our privacy...

Read More...

Decision 2010/87/EU

EU Data Protection Authorities Approve Google’s Cloud Commitments for International Data...

Read More...

Description Criteria - AICPA Guidance for Cybersecurity Risk Management Program

Effective April 15th 2017, AICPA's New Cybersecurity Risk Management Examination Report

Read More...

Do We Even Have to Say This?

Why, in an evolved society, would we need a policy that prohibited employees from making...

Read More...

Example of a Great Web Privacy Policy

I like this privacy policy.

Read More...

GDPR Timebomb

Keith Lipman, Esq. is an outstanding writer and contributor at...

Read More...

GRC Platforms and Open Standards

Placeholder for summary of GRC tools and platforms...

Read More...

Green IT - Sustainable Enterprise Services

Question: Is Green Less or More? Climate Change isn't the only reason to care about GREEN...

Read More...

Harmonization

The history of controls harmonization is really the history of managing conversations about risk. Cyber...

Read More...

I Want To Know What It's Like

You need to unblock cookies to view a YouTube video. We find it powerful and timely. If you prefer...

Read More...

ISO/IEC 27001 Compliance Readiness

ISO/IEC 27001:2005 - now ISO/IEC 27001:2013 (with its companion code of practice, ISO/IEC 27002:2013)

Read More...

ITAF

ITAF: Information Technology Assurance Framework

Read More...

Laws - most frequently asked in CISSP exam

Here are some laws that come up frequently in technology conversations and are also most often...

Read More...

Marc Vael - Kibersahs 2016

Privacy by Design, presented by Marc Vael, President ISACA Belgium 

Read More...

Maturity vs. Compliance

Making Process Real, a seminar in preparing to meet new regulations for controls as proposed by...

Read More...

Me Tarzan, You Jane: NIST SP800-171 & GDPR Glossary

Me Tarzan, You Jane is my way of reminding everyone that we can't get far without some common...

Read More...

National Cyber Security Strategy 2016-2021 - Gov UK

In order to propose controls that would implement the requirements of the GDPR in UK governed...

Read More...

National Vulnerability Database

National Vulnerability Database

Read More...

NERC CIP

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) –...

Read More...

New York Department of Financial Services (“DFS”) Cybersecurity Regulation

New York State Department of Financial Services' (DFS) first-in-the-nation cybersecurity regulation to...

Read More...

NIST Cloud Computing Reference Model SP 500-292

NIST Cloud Computing Reference Model SP 500-292

Read More...

NIST SCAP & XCCDF

The Security Content Automation Protocol - SCAP

Read More...

No SOC No $ervice AICPA SSAE 16

AICPA Service Organization Control Reports - SOC 2

Read More...

PCI Compliance Approach

Security and Privacy Issues and Precautions. There are six steps to achieving PCI compliance, seven if...

Read More...

Privacy Resources - Facts, not Fiction

Risks in Life Logging - ENISA, because Europe saw it coming

Read More...

RunBook UML

Did you know you can export a Visio HTML map of your UML (Unified Modeling Language) diagram?

Read More...

Security, Privacy, Breach Notification and HIPAA

HIPAA/HITECH: Aligning Secure Host Baselines with the Common Security Framework (CSF)

Read More...

Talk2Me

[Although this thread is out of date, it has some historical value for anyone researching bogus SEO...

Read More...

Telecom Complexity Diagrams

Did you know you can export a Visio HTML map of your UML (Unified Modeling Language) diagram?

Read More...

This is not my baby picture

"The conference went well, I think, is all I can say for sure."  In spite of actual applause, a...

Read More...

Thoughts On Being Human in the Cloud

Themes of discussion on EnterpriseGRC Solutions - Governance Risk and Compliance, Maturity vs....

Read More...

Today We Work

Today We Work
Out of respect to those who wait
For the privilege of perceived usefulness
We...

Read More...
Using Workday to Drive a New Auditing Paradigm - IAM and SOX Controls Automation

The New Auditing Paradigm - IAM and SOX Controls Automation. A Workday Rising presentation showed an...

Read More...

Virtual Reality, Cyber Security, and Compliance

It is not just a game. By Barbara Davi

Read More...

What is the Compliance Science behind Regulatory DNA?

Can you translate your product or industry to the most current regulatory requirements?  Can you...

Read More...

What it Takes to Non-Compete

"A fight is going on inside me," he said to the boy. "It is a terrible fight and it is between two...

Read More...

When Will It Stop?

My mother sighed a lot. She pulled on high heeled boots and a big furry hat like the one singers and...

Read More...

Why Align With ISO/IEC 27002:2013?

A tools approach to automating ISO/IEC 27002 ISMS policy-aligned continuous monitoring

Read More...