InfoQ Homepage Compliance Content on InfoQ
-
/articles/ransomware-resilient-storage-cyber-defense/en/smallimage/ransomware-resilient-storage-cyber-defense-thumbnail-1755589602893.jpg)
Ransomware-Resilient Storage: the New Frontline Defense in a High-Stakes Cyber Battle
Cybersecurity has evolved, with ransomware now primarily targeting data storage and backups. To combat this, modern defense strategies focus on making storage systems more resilient. Key tactics include using immutable storage that prevents data from being altered or deleted, employing AI-powered detection, and implementing air-gapping to create isolated, tamper-proof recovery points.
-
/articles/cloud-prem-architecture-challenges/en/smallimage/cloud-prem-architecture-challenges-thumbnail-1750753890389.jpg)
Engineering Principles for Building a Successful Cloud-Prem Solution
Discover how Cloud-Prem solutions combine cloud efficiency with on-premise control, meeting data sovereignty and compliance demands while optimizing operational costs and enhancing customer security.
-
/articles/risk-first-compliance/en/smallimage/from-compliance-first-to-risk-first-small-1703233223207.jpg)
From Compliance-First to Risk-First: Why Companies Need a Culture Shift
Transitioning from a "Compliancе-First" approach to a "Risk-First" mindset rеcognizеs that compliancе should not be viеwеd in isolation, but as a componеnt of a broadеr risk managеmеnt strategy.
-
/articles/work-with-auditors-influence-experience/en/smallimage/how-to-work-with-your-auditors-to-influence-a-better-audit-experience-small-1700211878723.jpg)
How to work with Your Auditors to Influence a Better Audit Experience
It is possible to influence a better audit experience, transforming it from a check-the-box exercise with little perceived value to one of true value that helps set you up for success, and with way less pain. This article explores how to experiment with adding agility into audit work while auditing a client, which can lead to better outcomes for you and your auditors.
-
/articles/devsecops-policy-management/en/smallimage/evolving-devSecOps-to-include-policy-management-small-image-1653470095778.jpg)
Evolving DevSecOps to Include Policy Management
A thorough implementation of policy management tools is required for effective compliance and security management in a DevOps environment. Companies that accept policy management in DevSecOps as a way of development and have adopted some level of policy management best practices tend to operate more efficiently.
-
/articles/book-review-cyber-securities/en/smallimage/cybersecurity-logo-small-1607015545941.jpg)
Q&A on the Book Cybersecurity Threats, Malware Trends and Strategies
The book Cybersecurity Threats, Malware Trends and Strategies by Tim Rains provides an overview of the threat landscape over a twenty year period. It provides insights and solutions that can be used to develop an effective cybersecurity strategy and improve vulnerability management.
-
/articles/data-driven-privacy-architecture/en/smallimage/Privacy-Architecture-for-Data-Driven-Innovation-logo-1580376548756.jpg)
Privacy Architecture for Data-Driven Innovation
This article lays out how you build an internal data governance architecture early in the ingestion phase, which enables you to allocate risk to data and identify such data in your systems. You can then protect the data accordingly. The second half of this article lays out various techniques to share data in a privacy-conscious manner.
-
/articles/devops-challenges-large-insurance/en/smallimage/logo.jpg)
Respect Your Organisational Monoliths
There is a lot of information about DevOps, the technology, the culture, the behaviour. There is not a lot of information about tackling DevOps in large enterprises and there is certainly very little about tackling DevOps in large financial organisations. This article presents lessons learnt rolling out DevOps in a large insurance organisation.
-
/articles/towards-agile-software-architecture/en/smallimage/logo.jpg)
Towards an Agile Software Architecture
Boyan Mihaylov covers his experience when working with both traditional waterfall software architectures and agile ones. He depicts the similarities and differences between these with a focus on three areas: the specifics of the software architect role, the timespan of the software architecture, and the output of the software architecture.
-
/articles/cloud-security-at-scale/en/smallimage/logo.jpg)
A Pragmatic Approach to Scaling Security in the Cloud
Security. Cloud. Two words that are almost always together but rarely happily. Read on to learn why that isn’t the case and what you need to known about securing your critical infrastructure in the cloud.
-
/articles/managing-security-requirements-in-agile-projects/en/smallimage/logo.jpg)
Managing Security Requirements in Agile Projects
Managing security requirements from early phases of software development is critical. Most security requirements fall under the scope of Non-Functional Requirements (NFRs). In this article, author Rohit Sethi discusses how to map NFRs to feature-driven user stories and also how to make security requirements more visible to the stakeholders.
-
/articles/regulatory-compliant-cloud-computing/en/smallimage/article icon.jpg)
Regulatory Compliant Cloud Computing: Rethinking web application architectures for the cloud
Not all data is sensitive and hence an equal and balanced investment in securing all data categories is not justified. This article presents an architecture that leverages cloud-computing, cloud-storage and enterprise key-management Infrastructure(EKMI) to lower costs while complying to data-security regulations.