OCEG | Open Compliance and Ethics Group
Information Management
Anti-Corruption & Fraud, Risk Assessment
Insider Risk Management Guide (2006)
Anti-Corruption & Fraud, Privacy Laws & Regulation
EU, Opinion 1/2006 on the application of EU data protection rules to internal whistleblowing schemes in the fields of accounting, internal accounting controls, auditing matters, fight against bribery, banking and financial crime
Anti-Corruption & Fraud, Anti-Money Laundering, Information Security, Fraud & Corruption, Information Management
Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for purposes of the Terrorist Finance Tracking Program (2009)
Anti-Corruption & Fraud, Information Privacy, Information Security
FTC: Red Flags Rule Web Site
Anti-Corruption & Fraud, Information Privacy, Information Security, Workplace Information Privacy
FTC: Fighting Fraud with the Red Flags Rule: A How-to Guide for Business
Anti-Corruption & Fraud, GRC Capability and Processes, GRC Planning and Organization, Information Privacy, Anti-Money Laundering, Information Security, Employment / Labor, Governance, Pre Trial Agreements (Deferred Prosecution Agreements and Non-Prosecution Agreements), Privacy Laws & Regulation, Environmental, Risk Assessment, Ethical Culture, Fraud & Corruption, Helplines/Hotlines, Investigations, Crisis Management & Response, Audit & Evaluation, Information Management, Training & Education, Education & Training, Whistleblowing and Retaliation, Workplace Information Privacy
Regulatory Intelligence by Michael Rasmussen: an Axentis Thought Leadership White Paper
E-Commerce & Internet, Information Security, Privacy Laws & Regulation
Data Privacy and Cross-Border Data Flows
International Privacy and Data Protection Laws (2008)
EU 1995 Data Protection Directive
EU, Working Document: Transfers of personal data to third countries: Applying Article 26 (2) of the EU Data Protection Directive to Binding Corporate Rules for International Data Transfers (2003)
Managing Data in Latin America (2007)
Global Privacy Handbook (2008 Ed.)
E-Commerce & Internet, Information Security
Cyberspace: United States Faces Challenges in Addressing Global Cybersecurity and Governance (GAO, 2010)
GRC Planning and Organization
Standard of Good Practice for Information Security, The (ISF)
Governing for Enterprise Security Implementation Guide (GES)
Six Steps to Better IT GRC (Treasury & Risk Magazine, June 2010)
GRC Planning and Organization, Information Security, Record Retention & Data Management
Compliance vs. Security: Which Should Lead Corporate Governance? (August 2010)
GRC Planning and Organization, Record Retention & Data Management, Information Management
Organizational Transformation: A Framework for Assessing and Improving Enterprise Architecture Management (Version 2.0) (GAO, 2010)
Information Privacy, Information Security, Privacy Laws & Regulation, E-Discovery, Record Retention & Data Management
Record Retention & Data Management
Information Privacy, Workplace Information Privacy
HHS, Office for Civil Rights: Health Information Privacy
OCEG Jurisdiction Survey: Privacy - State Laws Regarding Employee Access to Personnel Records
Information Privacy, Privacy Laws & Regulation, Workplace Information Privacy
45 CFR Part 164.500 et seq., Subpart E, Privacy of Individually Identifiable Health Information (As amended)
Information Privacy, Privacy Laws & Regulation
DOC, Safe Harbor Workbook
Western Hemisphere Data Protection Laws (2010)
After the deadline: a status review of the implementation of the new European cookies rules (2011)
Information Privacy
EU, Documents adopted by the Data Protection Working Party
EU, Commission decisions on the adequacy of the protection of personal data in third countries
UK, Privacy Impact Assessment (PIA) (ICO, 2007)
UK, Ministry of Justice Consultation, Data Sharing Review Report (2008)
UK, Data Protection Audit Manual (ICO, 2001)
UK, Data Protection Act 1998: The Eighth Data Protection Principle and international data transfers (ICO, V 4.0, 2010)
Canada, Office of the Privacy Commissioner
American Institute of Certified Public Accountants (AICPA) Privacy Resources Page
Are You About to be Red Flagged by the FTC?
Information Privacy, Information Security, Workplace Information Privacy
Preventing Identity Theft
Information Privacy, One Minute Polls
OCEG One Minute Poll: Personally Identifiable Information
Information Privacy, Privacy Laws & Regulation, Record Retention & Data Management, Research and Survey Reports
OCEG Benchmarking Series Report 2009 - Managing Privacy Practices
Information Privacy, Privacy Laws & Regulation, Record Retention & Data Management
France: Data Protection Act (CNIL)
Information Privacy, Information Security, Privacy Laws & Regulation
European Data Protection Digest (IAPP)
Information Privacy, Information Security
Red Flag Program Clarification Act of 2010, Public Law 111-319
Information Security, Information Management
Business.Gov: Computer and Information Security
Information Security, Risk Assessment
NIST: Risk Management Guide for Information Technology Systems (2002)
NIST, Risk Management Framework
GAO, Information Security Risk Assessment: Practices of Leading Organizations (1999)
Convergence of Physical and Information Security in the Context of Enterprise Risk Management, The (2007)
Managing risk in the information age (2007)
Information Security
NIST, International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management (2002)
NIST, Federal Information Security Management Act (FISMA) Implementation Project
Creating a Computer Security Incident Response Team: A Process for Getting Started (2002, Last Updated 2006)
Eight easy ways to protect your company data - and reputation (2008)
Early Warning Signs of IT Project Failure: The Dominant Dozen (2006)
Security Matters, Software Engineering Institute, Carnegie Mellon University
IT Sentinel (UK)
Federal Information Security Management Act of 2002
Government of Canada Publications: IT Security Guidance (ITSG)
IT Compliance Institute (ITCi)
Information Security Forum
ISO Catalog Page: Information technology
IT Security Portal
Information Security and Data Breach Notification Safeguards (CRS, Rev January 28, 2010)
How Vulnerable Is Your Information Technology? (2006)
Survival of the Fittest: Disaster Recovery Design for the Data Center (2008)
UK, 2008 information security breaches survey: technical report (BERR, 2008)
UK, Information security: business assurance guidelines (BERR / DTI)
UK, Incident Management Guidelines (BERR)
A New Era of Compliance: Raising the Bar for Organizations Worldwide (RSA, October 2010)
High Performers and Foundational Controls: Building a Strategy for Security and Risk Management (January 2011)
United Kingdom, Compliance with the data protection framework decision (2011)
United Kingdom, Ministry of Justice Data Protection Web Site
Information Security, Supply Chain Management (SCM)
Beyond the Password: Tackling the challenge of data security for the global supply chain (2007)
Information Security, Privacy Laws & Regulation
Data Breach Kit: Five Steps to Help You Survive the Inevitable
Computer Technology Review
Data Security Breaches: Context and Incident Summaries (CRS, May 7, 2007)
Restrictions and solutions to transfers of personal data within the European Union and from the European Economic Area to other countries (2008 Ed.)
International Data Protection and Privacy Law (2009)
United Kingdom, Guide to data protection – definitions, principles and practical examples
Information Security, Privacy Laws & Regulation, Record Retention & Data Management
Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act – Notice of Proposed Rulemaking (July 2010)
Information Security, Record Retention & Data Management
United Kingdom, The Information Commissioner’s response to the Ministry of Justice’s call for evidence on the current data protection legislative framework (October 2010)
Discrimination/Accommodation, Record Retention & Data Management, Workplace Information Privacy
France's Measures on Diversity and Data Protection: The Ten Recommendations of the CNIL (Littler, 2007)
Privacy Laws & Regulation
DOC, Safe Harbor Checklist for U.S. Companies
DHS, REAL ID Proposed Guidelines: Questions & Answers
Comptroller of the Currency, Privacy Laws and Regulations (2000)
DoED, Family Educational Rights and Privacy Act (FERPA) Regulations
UK, Data Protection Technical Guidance Determining What is Personal Data (2007)
DoED, Family Educational Rights and Privacy Act (FERPA)
California, Recommended Practices on Notice of Security Breach Involving Personal Information (2007)
DHS, Privacy Impact Assessment for the Department of Homeland Security General Contact Lists (2007)
DOC, Safe Harbor
FTC, Privacy Initiatives Home Page
FTC, Financial Privacy Rule: Interagency Notice Research Project Home Page
NIST, ITL Security Bulletins
SSL: The handshake that requires scrutiny (June 2007)
Should You Publish a Privacy Policy? (CSO Magazine, 2006)
Storage Technology News: New privacy rules may complicate records management (2007)
CongressLine - The EU Privacy Protection Directive and the U.S. Safe Harbor (2000)
Transferring Personal Data From Europe: Corporations Take Charge (2007)
Solving the Compliance vs. Mobile Dilemma (2006)
Data quality -- the forgotten privacy principle (2007)
Insider Threat (2007)
The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information (IEEE, 2007)