We use cookies to deliver you the best experience on our website. By continuing to use our website, you consent to our cookie usage and revised Privacy Statement.

Filter By:

Type

Topic

Recent Blogs & Podcasts

Insights Portal

\ GRC 



June 19, 2018 | Encryption, Digital Signatures, Certificates, Tokenization
By Aaron Turner, IANS Faculty

 Three Success Factors for SSH Key Management

Despite the fact that most enterprises use hundreds of thousands of SSH keys on a regular basis, few have the right pieces in place to manage them effectively. In this Ask-an-Expert written response, IANS Faculty Aaron Turner says successful SSH key management depends on three factors: strong configuration management, mature service management and effective policy management.

Read More »


June 15, 2018 | Regulations & Legislation
By Mark Clancy, IANS Faculty

 Tackling the New York State Department of Financial Services (NYDFS) Cybersecurity Requirements

While the bulk of the new NYDFS cybersecurity requirements took effect in March, rules on audit logging, application security, data retention and risk based monitoring for staff with access to nonpublic information come into effect this September. In this webinar, IANS Faculty Mark Clancy will address some of the major pain points such as data at rest encryption, continuous monitoring, and notification of “events." He will also detail strategies for complying with the NYDFS requirements right now, in the coming months, and looking ahead to the implementation date for third parties.

Read More »


June 13, 2018 | Risk Management

 Risk Acceptance Template

This template for a risk acceptance memo is designed both to drive discussion, and provide an opportunity for business stakeholders (e.g., the system owner, business owner, etc.) to understand and perhaps even challenge the associated risk assumptions, constraints and calculations.

Read More »


May 15, 2018 | Security Policies and Strategy
By Aaron Turner, IANS Faculty

 Ensure Employees Follow Acceptable Use Guidelines

In the age of social media, ensuring employees know and follow acceptable use guidelines for corporate assets is both more difficult and more critical. In this Ask-an-Expert written responses, IANS Faculty Aaron Turner says behavior-driven policies and frequent reminders about data monitoring, storage and disclosure obligations are key.

Read More »


May 10, 2018 | Regulations & Legislation
By Rebecca Herold, IANS Faculty

 Overview of Privacy Laws in South America

While privacy legislation in South America tends to follow trends set by European regulations in general, each of the 12 countries in the region has its own unique rules and protections. In this Ask-an-Expert written response, IANS Faculty Rebecca Herold offers a country-by-country breakdown of South American privacy laws and protections.

Read More »


May 3, 2018 | Enterprise and IT Compliance Management
By Josh More, IANS Faculty

 Limit PCI Scope During Payment Processor Transitions

Outsourcing payment processing to a third-party is a great way to limit PCI scope, but issues with migrating data can also lead to vendor lock-in. In this Ask-an-Expert written response, IANS Faculty Josh More suggests some ways to limit PCI scope while transitioning to new processors, including maintaining a "shadow" database.

Read More »


April 30, 2018 | Privacy
By George Gerchow, IANS Faculty

 GDPR-Compliant Privacy Policy Template

This is a template for a very mature privacy policy that covers General Data Protection Regulation (GDPR) Articles 4, 9, 14, 17 and 30. It is designed to clearly communicate how much the company cares about data privacy, what kind of data it potentially handles and how users/customers can delete it. 

Read More »


March 26, 2018 | Regulations & Legislation
By Marty Gomberg, IANS Faculty

 GDPR: What’s in Scope?

Organizations are scrambling to get compliant with the EU's new General Data Protection Regulation (GDPR) before it comes into force in May, but figuring out exactly what kind of data is governed by the law isn't straightforward. In this Ask-an-Expert written response, IANS Faculty Marty Gomberg clarifies the issue.

Read More »