Information Management

Order by:Group by:

OCEG Contributed

ISACA
OCEG Benchmarking Series Report 2009 - Managing Privacy Practices
OCEG One Minute Poll: Personally Identifiable Information
OCEG One Minute Poll: Privacy Challenges?
OCEG One Minute Poll: Are You Preventing Identity Theft?
OCEG One Minute Poll: IT GRC - What do you Know?
GRC-XML Whitepaper
LeanGRC™ - Connecting Silos: Lean Information Management
Information Lifecycle Management for Business Data (2007, Oracle)
Data quality -- the forgotten privacy principle (2007)
Collecting Personal Data for E-Discovery (October 2007)
Insider Threat (2007)
Keep your IM-using employees on a need-to-know basis (2007)
IT Governance and Risk Management: Store Your Data to Ensure Compliance (2007)
The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information (IEEE, 2007)
FAQ: Changes to the Federal Rules of Civil Procedure Affect Storage Plans (2007)
States Launching E-Discovery Rules (2007)
IT Governance Defined
Electronic Files Are Fair Game in Discovery Phase (2007)
Compliance Provides Benefits Beyond The Obvious (2007)
State Security Breach Notification Laws
Court finalises e-discovery rules (2007)
Annual Survey of Electronic Discovery - Symposium Issue (2006-2007)
Electronic Discovery Case Database
New E-Discovery Burden, The (2007)
OCC, FRS, FDIC, OTS - Final Rule: Fair Credit Reporting Affiliate Marketing Regulations (2007)
Compliance Without Tears: Preparation can ease IT's compliance concerns (2007)
Portable security: Full-disk encryption can take a lot of risk out of mobile computing (2007)
Internet Law: How to Transfer Electronic Personal Data from Europe to the United States
Personal data is not a bar to FOI disclosure, rules European court (2007)
Examining E-Discovery Chain of Custody (2007)
Group creates standard to ease e-discovery data transfer (2007)
Electronic Discovery Reference Model ("EDRM")
ANSI, Identity Theft Prevention and Identity Management Standards Panel
Disaster Recovery Planning for CIOs (2007)
Creating a Computer Security Incident Response Team: A Process for Getting Started (2002, Last Updated 2006)
EPIC's International Data Retention Page
E-Discovery Requests: Know Your Limits (2007)
Board Oversight of Information Technology - Data Privacy and Data Security: The New Imperative (2007)
Taking Control of Information: Managing Discovery (2007)
Sedona Principles
DIRKS
EU approves minimal data protection standards (2007)
AGREEMENT between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) (2007 PNR Agreement)
FTC's Website Privacy and Security Rules for Every Business, The (2007)
Develop Effective Archive Policies Before FRCP Compliance Becomes a Problem (2008)
Guide to NIST Information Security Documents
NIST, ITL Security Bulletins
Government of Canada Publications: IT Security Guidance (ITSG)
Information Security Forum
ISO Catalog Page: Information technology
NIST, Federal Information Security Management Act (FISMA) Implementation Project
Federal Information Security Management Act of 2002
Security Matters, Software Engineering Institute, Carnegie Mellon University
Survival of the Fittest: Disaster Recovery Design for the Data Center (2008)
Practical Disaster Recovery Planning: A Step-by-Step Guide
DOJ, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations (2002, with updates)
GRC-XML Working Group Meeting #4 - March 25, 2008
Red Book/GRC Ecosystem Functional Category Alignment - V 1.1
IT Sentinel (UK)
OCEG GRC Glossary - Draft 03-27-08
Q1 2008 OCEG Technology Council Roundtable
Keeping Up With EDD Blogs and Tools (2007)
California, Electronic Discovery: Legislation and Rules (2008)
Judicial Council proposes new electronic discovery rules (2008)
E-Discovery Keeps an Eye on the Job: Employment-related litigation is shaping e-discovery, still in its infancy (2008)
EDD Update
What to Do About Data in the EU? (2008)
EU, Commission decisions on the adequacy of the protection of personal data in third countries
EU, Opinion 1/2006 on the application of EU data protection rules to internal whistleblowing schemes in the fields of accounting, internal accounting controls, auditing matters, fight against bribery, banking and financial crime
Taxonomy Work Group - Final Presentation before Blueprint Work Group Merger
GRC Technologies Glossary
GRC-XML Work Group Monthly Meeting
OCEG Intellectual Property Agreement
IT Governance Institute's VAL IT Model Overview
E-Discovery Mistakes Might Kill Your Case (2008)
Privacy Meets Incident Reporting, Leaving Companies Reeling
Ask the Analysts: GRC Techology 2008
Eight easy ways to protect your company data - and reputation (2008)
E-Discovery Tips From the Bench (2008)
GRC-XML Work Group Overview - June 6, 2008
ITGI's VAL IT Framework
ISM3 Model V 2.0
EU Parliament split over electronic data protection (2008)
European Commission: Proposed revision of the Directive on electronic data protection (2007)
European Parliament: Webpage on the legislative procedure on the Directive on electronic data protection
Minimizing the Risk That E-Discovery Failures Will Create Corporate Liability (2008)
Easing e-discovery preparation by mapping enterprise data (2008)
Prepared for e-discovery: What to know about content monitoring and filtering (2008)
ISM3 Model V2.1 Overview
OCEG GRC Technology
GRC-XML Work Group Meeting on July 30, 2008
GRC Blueprint Work Group Meeting - July 31, 2008
SEC Provides Guidance to Open Up Use of Corporate Web Sites for Disclosures to Investors (July 30, 2008)
CIO Strategies for the Retention and Deletion of Email (2008)
How to create an e-discovery employee awareness program (2008)
Decisions Up Stakes for Managing EDD (2008)
Global Best Practices in Email Security, Privacy and Compliance (2008)
Andrew's Blog
e-Discovery Team, Electronic Discovery, Electronic Documents, Information Management, Legal, Technology, IT

Member Contributed

Auditing System Conversions (IIA)
Technology - The Institute of Internal Auditors (IIA)
Chief Information Officers Council (CIO)
NIST: Risk Management Guide for Information Technology Systems (2002)
GAO, Information Security Risk Assessment: Practices of Leading Organizations (1999)
The ABCs of the IT Infrastructure Library (ITIL)
Corporate Information Security Working Group: Report of the Best Practices and Metrics Teams
International Association of Privacy Professionals (IAPP)
American Institute of Certified Public Accountants (AICPA) Privacy Resources Page
Discovery Trailblazers: Companies create new positions to deal with e-discovery dilemmas (2006)
GRC Illustrated Series: #7 What Are The Elements Of Privacy Risk Management And Compliance?
SSL: The handshake that requires scrutiny (June 2007)
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
OECD Privacy Statement Generator
UK, Information Commissioner's Office (ICO)
Canada, Office of the Privacy Commissioner
Canada, Personal Information Protection and Electronic Documents Act (PIPEDA) Information Kit for Businesses
DOC, Safe Harbor
DOC, Safe Harbor Checklist for U.S. Companies
Data Security Breaches: Context and Incident Summaries (CRS, May 7, 2007)
France's Measures on Diversity and Data Protection: The Ten Recommendations of the CNIL (Littler, 2007)
Data Breach Kit: Five Steps to Help You Survive the Inevitable
IT Compliance Institute (ITCi)
Australia Office of the Privacy Commissioner
Canada, Personal Information Protection and Electronic Documents Act Site
Online Guide to International Privacy Resources (EPIC)
Tech Law Journal Online
Medical Privacy - National Standards to Protect the Privacy of Personal Health Information (HIPAA)
GPO, Privacy Act Issuances
DOC, Safe Harbor Workbook
Privacy Act of 1974, as amended (5 U.S.C. § 552a)
E-Discovery and the EU: European Data Privacy Regulations Every Litigator Should Know (2006)
Patchwork of Privacy Regulations (CSO Magazine, 2006)
Should You Publish a Privacy Policy? (CSO Magazine, 2006)
U.S. Security Awareness
Insider Risk Management Guide (2006)
DHS, REAL ID Proposed Guidelines: Questions & Answers
DHS, Notice of Proposed Rulemaking: REAL ID (March 2007)
Managing Preservation Obligations After The 2006 Federal E-Discovery Amendments (2007)
Information Governance Engagement Area
FCC, Customer Proprietary Network Information, Final Rule (2007)
Executive Overview of Generally Accepted Privacy Principles
Personal Information: Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited, However, the Full Extent Is Unknown (GAO, 2007)
eDiscovery for Structured Data
Landmark Federal Discovery Rules Amendments Have Become Effective. Are You Ready? (2006)
Next in Data Protection Management to Ensure Business Continuity and Compliance (2007)
EDD Blog Online
Electronic Discovery Institute
Why Compliance Pays: Reputations and Revenues at Risk: Executive Summary – July 2007
Data Storage Today
Storage Technology News: New privacy rules may complicate records management (2007)
Identity Governance Framework (IGF) Site (Oracle, 2008)
Id Governance - Identity Privacy and Access Policy Marketing Requirements Document Use Cases Version: 1.0 (2007)
Identity Governance Framework (2006)
HIPAA Litigation Risk Management: Essential Security Stop-Gaps for Privacy Implementation (2002)
Comptroller of the Currency, Privacy Laws and Regulations (2000)
DoED, Family Educational Rights and Privacy Act (FERPA) Regulations
IT Executives Offered Japanese Compliance Rules (August 2, 2007)
NIST, International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management (2002)
Developing Concept Of "National E-Discovery Counsel", The (Jan. 2007)
E-Discovery And Records Management: A Risk-Based Approach (July 2007)
DiscoveryResources.org: Electronic Discovery News
New Federal Procedural Rules on Electronic Discovery: Writing Technology Into the Litigation Process, The (ABA, May 2006)
Report Regarding Changes to Discovery Rules Regarding Electronic Discovery (ABA, 2005)
E-Discovery Archives, Richmond Journal of Law & Technology (2004 - 2008)
IT Security Portal
Search Privacy Practices: A Work In Progress (CDT, August 2007)
Daily Tech
FTC, Privacy Initiatives Home Page
Interagency Proposal for Model Privacy Form Under the Gramm-Leach-Bliley Act; Proposed Rule (2007)
FTC, Financial Privacy Rule: Interagency Notice Research Project Home Page
OCEG Critical Conversations Series: CIO at the Center (2007)
Insurers Taking Stock of E-Discovery Costs (August 2007)
Re-Thinking Your Disaster Recovery Strategy (2007)
Leveraging Content Management Systems for e-Discovery (August 2007)
Computer Technology Review
Convergence of Physical and Information Security in the Context of Enterprise Risk Management, The (2007)
CongressLine - The EU Privacy Protection Directive and the U.S. Safe Harbor (2000)
EU/UK, Data Retention (EC Directive) Regulations 2007
Canadian Privacy Law Blog
Australia, Federal Privacy Act Page
Next Up, E-discovery Challenges: Amended litigation rules force governments to rethink their electronic document options (August 2007)
UK, Data Protection Technical Guidance Determining What is Personal Data (2007)
DoED, Family Educational Rights and Privacy Act (FERPA)
United States Computer Emergency Readiness Team (US-CERT)
California, Recommended Practices on Notice of Security Breach Involving Personal Information (2007)
Early Warning Signs of IT Project Failure: The Dominant Dozen (2006)
FTC, Broadband Connectivity: Competition Policy (June 2007)
Understanding The World Of E-mail: How It Can Significantly Increase Or Decrease The Costs Of Electronic Discovery - Part I (2007)
Understanding The World Of E-mail: How It Can Significantly Increase Or Decrease The Costs Of Electronic Discovery - Part II (2007)
Beyond the Password: Tackling the challenge of data security for the global supply chain (2007)
Information Security and Data Breach Notification Safeguards (CRS, Rev January 28, 2010)
Taming the World of Unstructured Data (2007)
Special Reports: E-discovery (2007)
Integrate Archiving with Disaster-Recovery Plan (2007)
ALRC Discussion Paper 72: Review of Australian Privacy Law
Managing risk in the information age (2007)
Transferring Personal Data From Europe: Corporations Take Charge (2007)
E-Discovery 'Fiasco' Stalls Case, Hikes Costs (2007)
Meeting Compliance and Privacy Requirements - The Case for Electronic Distribution (2007)

All Access Pass

OCEG All Access Pass

Related communities
Record Retention & Data Management
Preventing Identity Theft
Featured OCEG Programs
GRC Fundamentals on Demand