Addressing the caveats of regulatory compliance is like approaching any other risk. We will look at the risk and then we will develop a plan to mitigate the risk. Sounds simple, right? Good, because it really is as long as we know what we need to do....

Just a heads up that Microsoft soon will be making available a beta version of a Regulatory Compliance Planning Guide that my team (Solutions for Security and Compliance) is developing. This guide will help readers understand the types of controls that...

There are a lot of legislative bodies that are requiring IT to protect information for different reasons. It would appear that IT Professionals now need to add paralegal to their repertoire as we address some of the new challenges to defending the enterprise...

A problem for regulatory compliance document and data management systems can be employee subversion, whereby employees try to find ways around the hurdles in the management system. They might create their own local copies of documents or spread sheets...

Regulatory Compliance (RC) is a treasure trove of value. From better business intelligence to improved security, the benefits of RC abound. The key is to understand the payback and how to get it. It is a mistake to view costs of RC as greatly outweighing...

ITGI and the UK government's Office of Government Commerce (OGC) have released a paper that shows how ITIL and ISO 17799 can be mapped up under the COBIT framework. This seems like a valuable thing to me, since one of the main complaints about COBIT ...

Toward the end of last year, the IT Governance Institute released the latest version of their Control Objectives for IT framework (COBIT 4.0). They have simplified the framework a bit, as well as added a maturity model at the high-level control objective...

There's a new page on Technet that lists regulatory compliance resources currently available from Microsoft. The URL is http://www.microsoft.com/technet/security/learning/compliance/all/default.mspx . Additional resources will be added to this page as...

This is your opportunity to vent! What causes you the most heartburn around compliance. Is it the auditors? the documentation? the requests for evidence? Leave your biggest compliance headache in the comments. --Bill Canning

According to this article , two-thirds of CIOs say that SOX spending is a high-priority, and of those, almost 50% say that spending on SOX will increase. --Bill Canning

One of my co-workers has just released a beta version of a very cool toolkit for shared computers. You can find out more here . --Bill Canning

AMR Research recently released their predictions for regulatory compliance spending. In short, they predict spending of $15.5 billion for 2005, and $80 billion over the next 5 years. See the article here .

There may be a new law to comply with: a federal data breach notification law (a la California SB-1386). See http://www.msnbc.msn.com/id/8318664/ for more information. --Bill