OCEG | Open Compliance and Ethics Group
Information Management
Competitive Practices, Information Management, Supply Chain Management (SCM)
CSO Security and Risk Magazine Archive
Employment, Information Management
HHS, Office for Civil Rights: Health Information Privacy
France's Measures on Diversity and Data Protection: The Ten Recommendations of the CNIL (Littler, 2007)
Asia-Pacific Region at the Privacy Crossroads (2008)
UK, Retention of personnel and other related records (CIPD, 2008)
Financial Assurance, Information Management
Interagency Proposal for Model Privacy Form Under the Gramm-Leach-Bliley Act; Proposed Rule (2007)
Financial Assurance
SEC: Consolidated Audit Trail, Proposed Rule (June 2010)
Governance, Information Management
OCEG Critical Conversations Series: CIO at the Center (2007)
IT Governance Standard, ISO/IEC 38500:2008 Order Page (2008)
ISO/IEC 27006:2007 Order Page: Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems (2007)
Effective Information Governance: A Key Component to Improving Information Quality (2007)
Board Oversight of Information Technology - Data Privacy and Data Security: The New Imperative (2007)
Governance
Trust Services: A Better Way to Evaluate I.T. Controls (2005)
Information Management
Record Retention & Data Management
Business.Gov: Computer and Information Security
45 CFR Part 164.500 et seq., Subpart E, Privacy of Individually Identifiable Health Information (As amended)
NIST, Managing Risk from Information Systems, Second Public Draft (April 2008)
ISO 27001 - The Information Security Management Standard
IT Governance Defined
FTC's Website Privacy and Security Rules for Every Business, The (2007)
Enterprise Data Classification: A Distributed Problem Requires a Distributed Solution (2007)
European Commission: Proposed revision of the Directive on electronic data protection (2007)
European Parliament: Webpage on the legislative procedure on the Directive on electronic data protection
Easing e-discovery preparation by mapping enterprise data (2008)
Prepared for e-discovery: What to know about content monitoring and filtering (2008)
How to create an e-discovery employee awareness program (2008)
Decisions Up Stakes for Managing EDD (2008)
Global Best Practices in Email Security, Privacy and Compliance (2008)
eDiscovery, Digital Evidence and Information Security Law - Info Tech Law On The Edge
EPIC's Data Retention Page
Demonstrating Good Faith in ESI Preservation (2008)
State by State Summary Report of E-Discovery Efforts
AICPA, Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®) (2006)
Achieving Data Privacy in the Enterprise (2008)
When to shred: Purging data saves money, cuts legal risk (2008)
Privacy Guide - Asia and the Pacific (2007)
Implementing an Identity Management Solution (SAP, 2007)
Japan: Personal information privacy update (2007)
Preparing for e-discovery: Why firms need data retention policies (2008)
Information Technology Auditing and Cybercommerce: A Risk Perspective (2004)
World Data Protection Authorities
APEC Privacy Framework (2005)
Seeing the Future of Search in E-Discovery (2008)
How to create an e-discovery employee awareness program (2008)
CIO's Guide to Mobile Security, The (2008)
Understanding Today's Privacy Regulations Solutions (2008)
New Legal Discovery Mandates Transcends Traditional Search Capabilities (2008)
NIST, Information Security Handbook: A Guide for Managers (2006)
NIST, Guidelines on Electronic Mail Security (2007)
NIST, Computer Security Division, Computer Security Resource Center, Special Publications
SANS' Information Security Reading Room
Tools for Defense In-Depth: SANS What Works
United Kingdom Data Retention Electronic Communications Regulations 2007
EU, FAQs on Binding Corporate Rules (BCR), Article 29 Working Party (2008)
BlogInfoSec.com: An Information Security Magazine in a Blog Format
Email Retention and Archiving: Manage Electronic Records, Minimize Workplace Risks and Maximize Compliance (2008)
New UK E-Privacy Regulations (2003)
UK, Data Protection Act 1998
UK, THE ICO's Data Protection Act Page
Records management: BEWARE, PREPARE (2008)
DIRECTIVE 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public ... (EU, 2006)
ARMA International
Data retention: Selected requirements by data type
The Seven Deadly Sins of Records Retention (2006)
European Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries, under Directive 95/46/EC (2001)
Privacy Meets Incident Reporting, Leaving Companies Reeling
GRC Illustrated Series: #7 What Are The Elements Of Privacy Risk Management And Compliance?
Governing for Enterprise Security Implementation Guide (GES)
Convergence of Physical and Information Security in the Context of Enterprise Risk Management, The (2007)
Beyond the Password: Tackling the challenge of data security for the global supply chain (2007)
Early Warning Signs of IT Project Failure: The Dominant Dozen (2006)
IT Sentinel (UK)
IT Security Portal
Information Security and Data Breach Notification Safeguards (CRS, Rev January 28, 2010)
EU, Documents adopted by the Data Protection Working Party
UK, Data Protection Technical Guidance Determining What is Personal Data (2007)
California, Recommended Practices on Notice of Security Breach Involving Personal Information (2007)
DHS, Privacy Impact Assessment for the Department of Homeland Security General Contact Lists (2007)
DOC, Safe Harbor
FTC, Privacy Initiatives Home Page
FTC, Financial Privacy Rule: Interagency Notice Research Project Home Page
NIST, ITL Security Bulletins
CongressLine - The EU Privacy Protection Directive and the U.S. Safe Harbor (2000)
Transferring Personal Data From Europe: Corporations Take Charge (2007)
Solving the Compliance vs. Mobile Dilemma (2006)
Compliance Provides Benefits Beyond The Obvious (2007)
Portable security: Full-disk encryption can take a lot of risk out of mobile computing (2007)
Internet Law: How to Transfer Electronic Personal Data from Europe to the United States
Personal data is not a bar to FOI disclosure, rules European court (2007)
Daily Tech
Guide to NIST Information Security Documents
Computer Technology Review
UK, Information Commissioner's Office (ICO)
Australia Office of the Privacy Commissioner
EU/UK, Data Retention (EC Directive) Regulations 2007
Australia, Federal Privacy Act Page
EU, Promoting data protection by privacy-enhancing technologies (PETS)
ANSI, Identity Theft Prevention and Identity Management Standards Panel
Search Privacy Practices: A Work In Progress (CDT, August 2007)
Data Security Breaches: Context and Incident Summaries (CRS, May 7, 2007)