This Gartner Magic Quadrant for enterprise governance, risk and compliance (EGRC) platforms presents a global view of Gartner’s assessment of the main software vendors that should be considered by organizations seeking a technology solution to support the oversight and operation of enterprisewide risk management and compliance programs. Buyers should evaluate vendors in all four quadrants. Those from the Niche Players and Visionaries quadrants are driving innovation in areas such as business process modeling of controls and risks, business rules for compliance, policy training and certification, and knowledgebases for risk management and compliance. Challengers often have reasonable functionality and good pricing, but may lag the leaders in advancing their range of GRC functions for specific industries or professional roles. Leaders have proven GRC functionality in all four primary GRC management (GRCM) functions — audit management, compliance management, risk management and policy management — and they have executed across several industries with support for multiple professional roles.

via Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms.

Compliance doesn’t begin and end with the Sarbanes-Oxley Act (SOX). Small and medium-sized businesses (SMBs) must also keep up with the Payment Card Industry’s (PCI) security standards, the Health Insurance Portability and Accountability Act and numerous other regulations and guidelines. It’s a tall order, but it’s one SMBs must face in order to protect their customers and stay in line with standards set by the IT industry as well as the government. This IT Management Guide offers news, insights and resources to help SMBs stay on top of their compliance responsibilities.

Source

Despite broader recognition of the need for securing access to applications and other IT resources, enterprises are still struggling to come to terms with the issues involved with identity and access management, Gartner has warned.

source

In the UK, recorded online banking fraud increased from £23.2m in 2005 to £33.5m in 2006, according to Apacs, the UK payments association.

source

The UK government’s information commissioner Richard Thomas has said he is horrified by the number of banks, government departments, public bodies and other organisations that admitted data breaches in the past year.

source

A study on data leakage prevention found that more than one-third of organizations not using data loss prevention technology had information stolen from their databases within the last 12 months and that 30% of those data breaches impacted bottom-line revenues.

Source