Regulatory Intelligence by Michael Rasmussen: an Axentis Thought Leadership White Paper resource White Papers Member contribution OCEG Reviewed
"The old paradigm of regulatory change management is clearly a recipe for disaster given the volume, pace of change
Umbrellas for Clouds: Applying Outsourcing Risk Mitigation Strategies to SaaS Transactions resource Articles OCEG Reviewed
Executive Summary: From a legal compliance and risk management perspective, outsourcing – the act of engaging a third party for a period of time to provide services that had previously been performed internally – shares many similarities with software as a service (SaaS) transactions – procuring access to software as a service hosted by a third party instead of through more traditional licensin
Organizational Transformation: A Framework for Assessing and Improving Enterprise Architecture Management (Version 2.0) (GAO, 2010) resource Standards and Guidelines OCEG Reviewed
Summary: Effective use of an enterprise architecture (EA) is a hallmark of successful organizations and an essential means to achieving a desired end: having operations and technology environments that maximize institutional mission performance and outcomes.
European Data Protection Law: Corporate Compliance and Regulation (Oxford University Press, April 2008) resource Research / Studies OCEG Reviewed
Author: Christopher Kuner
An overview of laws, treaties and action updates of the EU Member States and Non-Members on data privacy protection.
Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for purposes of the Terrorist Finance Tracking Program (2009) resource International Materials OCEG Reviewed
The aim of this Agreement is to ensure, with full respect for the privacy, protection of personal data, and other conditions set out in this Agreement, that relevant financial information is available to the competent law enforcement, public security or counter terrorism authorities of both US and EU and its Member States for the purpose of the prevention, investigation, detection, or prosecuti
Council of Europe (COE) - Convention on Cybercrime, CETS No. 185 (GRECO, 2001, Rev. 2010) resource International Materials
Introduction: The new technologies challenge existing legal concepts. Information and communications flow more easily around the world. Borders are no longer boundaries to this flow. Criminals are increasingly located in places other than where their acts produce their effects. However, domestic laws are generally confined to a specific territory.
NIST, Security Content Automation Protocol (SCAP) Web Site resource Agency Web Sites
The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality. This Web site is provided to support continued community involvement.
The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 (NIST, SP 800-126, 2009) resource Agency Guidances
Executive Summary:
GRC Forum Report - Proving the Value of IT for GRC resource OCEG Reviewed
Emphasizing the critical role collaboration plays in a successful GRC strategy, OCEG brought together a diverse set of professionals across a range of expertise and types of businesses in the November 2008 OCEG GRC Forum in Dallas, Texas.
Business.Gov: Computer and Information Security resource Agency Web Sites Member contribution OCEG Reviewed
This page on Business.Gov's web site includes:


