Upping Your Game: Episode 1 – Meeting Hui Chen’s Challenge
SBR – Author’s Podcast: Understanding Complexity with Dr. Jean Boulton, Part 1: Ethics, Compliance, and Organizational Dynamics
Innovation in Compliance: Exploring the Fractional COO Model with La Tonya Roberts
Daily Compliance News: April 29, 2025, The GenZ/RTO Edition
Adventures in Compliance: The Novels – A Study in Scarlet, Introduction to Compliance Lessons
FCPA Compliance Report: From Compliance to Commercial Value: Removing Friction with AI
Compliance Tip Of the Day: Using AI to Transform Whistleblower Response
Because That’s What Heroes Do: Deep Space 9 – Episode 30: Deep Trek Themes from Tacking into the Wind
Compliance Tip of the Day: The Future of Continuous Monitoring
FCPA Compliance Report: Ellen Hunt on Compliance ROI and on a Due Diligence and the US Sentencing Guidelines
Compliance and AI: Transforming Compliance Through AI with Marcelo Erthal
Breaking Down the Shifting Vaccine Policy Landscape – Diagnosing Health Care Video Podcast
Compliance Tip of the Day: Leveraging AI for Real-Time Third-Party Risk Management
FCPA Compliance Report: Amanda Carty on a Due Diligence and Risk Management
Innovation in Compliance: Design-Centric Compliance Training with Karen Oddo
Compliance Tip of the Day: AI and Predictive Analytics
FCPA Compliance Report: Kristy Grant-Hart on A 360° Review of the Future of Compliance
Great Women in Compliance: Creating Space to Speak Up: The Story Behind Psst.org
Daily Compliance News: April 23, 2025, The R-E-S-P-E-C-T Edition
Aligning Business Goals with Legal Strategies Amid Regulatory Change – Speaking of Litigation Video Podcast
Major changes are coming again to the Federal Risk and Authorization Management Program ("FedRAMP"), the federal government's cybersecurity authorization program for cloud service providers ("CSPs")....more
What exactly is data exfiltration, and why should organizations be concerned about it? Data exfiltration is the movement or migration of company-owned trade secrets or intellectual property outside of the enterprise. It...more
The demand for data centers is continuing to accelerate, fueled largely by generative artificial intelligence (Gen AI), broader digital transformation, and organizations migrating to cloud infrastructure. Gen AI adoption...more
Introduction to DORA and its Implications - As of Jan.17, 2025, the European Union’s Digital Operational Resilience Act (DORA) became enforceable. This new regulatory framework significantly impacts financial institutions and...more
Tool sprawl is paralyzing enterprise security teams. Learn how to shift from fragile, over-engineered stacks to agile security architectures that accelerate progress....more
WHAT: FedRAMP has announced that it will be working on a new framework for authorization and assessment of cloud services for federal consumption, calling the initiative “FedRAMP 20X” (announcement here). In response to...more
Even the strongest IT/DR plans can fail if they aren’t proactive about avoiding these common mistakes. When systems go down, business grinds to a halt. Downtime leads to $9,000 in losses per minute on average, damaged...more
If you hang out with CISOs like I do, shadow IT has always been a difficult problem. Shadow IT refers to refers to “information technology (IT) systems deployed by departments other than the central IT department, to bypass...more
Ready to ditch outdated guidelines and adopt a fresh take on your IT Disaster Recovery plans? Spring is the season of renewal, making it the perfect time to refresh not only physical spaces but also strategies and...more
We live in an era in which information is a valuable commodity. Access to data, ideas, and trade secrets is in high demand, particularly for individuals or companies seeking to profit from this information. One way they gain...more
Organizations seeking to improve their cybersecurity posture in 2025 must assess what happens after an incident has occurred, and how an incident response team will be able to mobilize to respond. This article provides...more
The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more
On May 31, 2025, the Alberta Security Management for Critical Infrastructure Regulation (the Regulation) will come into force and is expected to alter existing security requirements for critical resource infrastructure in...more
The European Central Bank (ECB) has published an updated version of the threat intelligence-based ethical red teaming framework (TIBER-EU framework) (dated January) to align with the Digital Operational Resilience Act (DORA)...more
The European Banking Authority (EBA) has published a final report with amending guidelines in respect of Guidelines EBA/GL/2019/04 on ICT and security risk management. The EBA reviewed the Guidelines in light of the Digital...more
North Korean IT operatives are infiltrating U.S. and Western companies using stolen or fabricated identities, VPNs, and U.S.-based co-conspirators to gain unauthorized access to corporate systems. These insider threats pose...more
Feel confident tackling any threat with a unified incident management approach that integrates roles, communication, and recovery tasks. Small and medium-sized organizations without a disaster recovery plan are 40% more...more
Balancing Business Continuity and IT Disaster Recovery is crucial for robust organizational resilience. So, how does your organization integrate both strategies for maximum impact?...more
On January 8, 2025, the Department of Justice (“DOJ”) published its final rule addressing Executive Order (E.O.) 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
The European Supervisory Authorities have published a joint report on the feasibility of further centralization of the reporting of major ICT-related incidents by financial entities to competent authorities. The ESAs' joint...more
Beginning 17 January 2025, the Digital Operational Resilience Act (DORA) will apply to almost all EU financial entities, including banks, insurers and reinsurers, brokers , payment and electronic money institutions,...more
The recent indictment of 14 North Korean nationals for fraudulently obtaining remote IT jobs with U.S.-based companies underscores the importance of vigilant hiring practices. Our Privacy, Cyber & Data Strategy and...more
The Cybersecurity and Infrastructure Security Agency (CISA) unveiled new cyber performance goals aimed at addressing risks to software development and product design in the IT sector. Last week, the Cybersecurity and...more
The EU Cyber Resilience Act (CRA) entered into force on 10 December 2024. The CRA is the first legislation of its kind in the world that aims to enhance the cyber security of products or software with a digital component...more