The Future of Auditing: What to Look for in 2025

Categories: audits, Blog Posts
The 2025 audit landscape is shaped by new regulations and changes in enforcement of existing regulations. In the United States, both changes to longstanding administrative law and the Public Company Accounting Oversight Board (PCAOB) will shape regulations. Despite Federal changes, new regulations like California’s new climate reporting laws will require ...
3 Steps to Take to Meet DORA Compliance Before April 30, 2025

Chief Information Security Officers (CISOs) face an important milestone on April 30th, 2025: ensuring their organizations are ready to meet the strict requirements of the EU’s Digital Operational Resilience Act (DORA). By April 30th, companies must have established comprehensive registers of information related to their Information and Communication Technology (ICT) ...
How to Prepare for EU AI Act Compliance by February 2nd

As the February 2nd deadline approaches, CISOs and CCOs face the pressing task of aligning their organizations with the EU AI Act’s stringent requirements. Chapter 1, Article 4 mandates AI literacy for all staff involved in AI operations, while Chapter 2, Article 5 prohibits certain practices that could infringe on ...
What to Know About the Proposed New HIPAA Rules

Category: Other
If approved, the proposed new HIPAA rules will reshape the landscape of healthcare cybersecurity, partially addressing the recent OIG report’s findings on the ineffectiveness of current HIPAA audits. For CISOs, these changes present both opportunities and challenges as they work to enhance their organizations’ cybersecurity practices. The updated compliance requirements ...
The Year of Global AI and Cybersecurity Regulations: 7 GRC Predictions for 2025

As 2025 approaches, emerging regulations and laws will affect how CISOs strategize and protect their organizations. With the increasing complexity of global compliance frameworks, understanding these changes is crucial for maintaining security and operational efficiency. Let’s discuss what I expect regarding regulatory shifts and their implications in 2025 and explore ...
Attention CISOs: The New EU PLD Product Liability Directive Is Effective Now – Compliance and Cybersecurity Readiness Required

The European Union’s updated Product Liability Directive (PLD) takes effect this month, with a transition period through December 9, 2026. This update substantially changes how product liability applies to digital products sold in the EU. For Chief Information Security Officers (CISOs), understanding this change is crucial. The new PLD extends ...
Extended Public Engagement: Shaping California’s CCPA Regulations Through Prolonged Comment Period

The California Consumer Privacy Act (CCPA) has set a benchmark for data privacy regulation, significantly influencing state and national approaches to personal information governance. By granting consumers enhanced control over their personal data, the CCPA aims to increase accountability and transparency in business practices. The CPPA oversees the enforcement and ...
A Crash Course on Hyperproof’s GRC Maturity Model

Something has been missing in the governance, risk, and compliance (GRC) space: the ability to truly understand an organization’s GRC maturity and the steps it would take to build the business case for change. As a CISO, I was surprised to find that there was no published, widely adopted maturity ...
Cybersecurity in Financial Disclosures: 11 Topics Your Section 1C of 10-K Filings Should Address

Last year, the Securities and Exchange Commission (SEC) announced new disclosure rules for publicly traded companies. Regulation S-K Item 106, which mandates cybersecurity disclosures in corporate 10-K filings, sheds light on how companies are navigating regulatory expectations in this digital age. This is the first time companies have been required ...
Updating Your Risk Assessment Process for the Modern Era of GRC

Mastering the risk assessment process in the dynamic Governance, Risk, and Compliance (GRC) landscape is fundamental for your business’s stability and growth. Starting from scratch or regularly updating your risk register might seem overwhelming, but your investment of time and money protects you from harm. The modern era of GRC ...