News & Analysis as of

Risk Management Information Technology

Morgan Lewis - Tech & Sourcing

Global Capability Centers: The Next Gen of Delivery Models

2025 has seen a notable push by companies to establish dedicated capability centers—or global capability centers (GCCs)—in countries with lower-cost resources and access to a strong talent pool. According to S&S Insider, the...more

Troutman Pepper Locke

Inside New Commerce Tech Restrictions: Mitigation Strategies

Troutman Pepper Locke on

The U.S. Department of Commerce’s Bureau of Industry and Security has issued the final rule that will determine how its Information and Communications Technology and Services regulations will work going forward....more

Troutman Pepper Locke

Inside New Commerce Tech Restrictions: Key Risk Takeaways

Troutman Pepper Locke on

The U.S. Department of Commerce’s Bureau of Industry and Security has issued the final rule that will determine how its Information and Communications Technology and Services regulations will work going forward. Originally...more

Davis Wright Tremaine LLP

FedRAMP 20x Initiative Promises Major Changes for Federal Cloud Service Providers

Major changes are coming again to the Federal Risk and Authorization Management Program ("FedRAMP"), the federal government's cybersecurity authorization program for cloud service providers ("CSPs")....more

A&O Shearman

EC publishes draft delegated regulation on subcontracting RTS under DORA

A&O Shearman on

On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more

Purpose Legal

How to Prevent Data Exfiltration and Protect Your IP – Q&A with Steve Davis

Purpose Legal on

What exactly is data exfiltration, and why should organizations be concerned about it? Data exfiltration is the movement or migration of company-owned trade secrets or intellectual property outside of the enterprise. It...more

Morgan Lewis - Tech & Sourcing

Outsourcing Update: The Convergence of Business Process Outsourcing and Digital Enablement

Gone are the days when a company could outsource the “people” that perform a business process without considering, and likely including in the outsourcing arrangement, the digital enablement of the underlying workflows and...more

Mitratech Holdings, Inc

The Vendor Onboarding Process: Keys to Success

What Is Vendor Onboarding? Vendor onboarding is the process of establishing a company as an approved provider of technology, goods, or services to your organization. It’s also an essential early step in the vendor risk...more

Holland & Knight LLP

GSA Announces Overhaul of FedRAMP with Emphasis on Industry Input and Automation

Holland & Knight LLP on

The U.S. General Services Administration (GSA) recently announced plans to develop the Federal Risk and Authorization Management Program (FedRAMP) 20x – a new approach to the government-wide program for the security...more

Morgan Lewis

Data Center Operations: Aligning Supply Chain, Compliance, and Customer Expectations

Morgan Lewis on

The demand for data centers is continuing to accelerate, fueled largely by generative artificial intelligence (Gen AI), broader digital transformation, and organizations migrating to cloud infrastructure. Gen AI adoption...more

Integreon

DORA Compliance Part 2: Addressing Compliance Across Critical Operational Areas

Integreon on

Introduction to DORA and its Implications - As of Jan.17, 2025, the European Union’s Digital Operational Resilience Act (DORA) became enforceable. This new regulatory framework significantly impacts financial institutions and...more

Accelerynt, Inc.

How Over-engineered Security Stacks Are Killing Agility—And What to Do About It

Accelerynt, Inc. on

Tool sprawl is paralyzing enterprise security teams. Learn how to shift from fragile, over-engineered stacks to agile security architectures that accelerate progress....more

Wiley Rein LLP

FedRAMP Announces New Approach to Assessing Security of Cloud Services Providers, Leveraging Commercial Practices and Tools

Wiley Rein LLP on

WHAT: FedRAMP has announced that it will be working on a new framework for authorization and assessment of cloud services for federal consumption, calling the initiative “FedRAMP 20X” (announcement here). In response to...more

Mitratech Holdings, Inc

5 Common Pitfalls in IT Disaster Recovery (and How to Avoid Them)

Even the strongest IT/DR plans can fail if they aren’t proactive about avoiding these common mistakes. When systems go down, business grinds to a halt. Downtime leads to $9,000 in losses per minute on average, damaged...more

Wiley Rein LLP

DOD Mandates Use of Software Acquisition Pathway for Software Development Procurements

Wiley Rein LLP on

WHAT: Department of Defense (DOD) Secretary Pete Hegseth issued a memorandum titled “Directing Modern Software Acquisition to Maximize Lethality” that is intended to reform DOD’s procurement involving software development....more

Robinson+Cole Data Privacy + Security Insider

AI Governance: The Problem of Shadow AI

If you hang out with CISOs like I do, shadow IT has always been a difficult problem. Shadow IT refers to refers to “information technology (IT) systems deployed by departments other than the central IT department, to bypass...more

Mitratech Holdings, Inc

IT/DR Plan Spring Cleaning: How to Replace Outdated Policies

Ready to ditch outdated guidelines and adopt a fresh take on your IT Disaster Recovery plans? Spring is the season of renewal, making it the perfect time to refresh not only physical spaces but also strategies and...more

Purpose Legal

Proactive Steps for Protecting your Intellectual Property (IP) and Trade Secrets

Purpose Legal on

We live in an era in which information is a valuable commodity. Access to data, ideas, and trade secrets is in high demand, particularly for individuals or companies seeking to profit from this information. One way they gain...more

Pagefreezer

The Major Microsoft Teams Challenge Stumping Legal & Compliance Teams

Pagefreezer on

Since 2019, the number of users on Microsoft Teams has risen 1500%, from a modest 20 million users in the pre-pandemic year (2019) to over 320 million users in 2024. Microsoft's collaboration platform is now the default...more

StoneTurn

2025 Incident Response Landscape: Practical Tips for Cybersecurity Readiness

StoneTurn on

Organizations seeking to improve their cybersecurity posture in 2025 must assess what happens after an incident has occurred, and how an incident response team will be able to mobilize to respond. This article provides...more

A&O Shearman

ESAs roadmap for designation of critical ICT third-party service providers under DORA

A&O Shearman on

The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more

Ius Laboris

Watching Sports at Work: How Employers Can Avoid an Own Goal

Ius Laboris on

2025, like most years, will be dominated by prominent sporting events. But with many of these sporting events likely to take place during working hours, and some employees hoping to watch-along live, we explore the lessons...more

Bennett Jones LLP

New Information Technology Security Requirements for Critical Infrastructure Facilities in Alberta

Bennett Jones LLP on

On May 31, 2025, the Alberta Security Management for Critical Infrastructure Regulation (the Regulation) will come into force and is expected to alter existing security requirements for critical resource infrastructure in...more

Mayer Brown Free Writings + Perspectives

FINRA Publishes 2025 Annual Regulatory Oversight Report

The Financial Industry Regulatory Authority, Inc. (“FINRA”) published its 2025 FINRA Annual Regulatory Oversight Report (the “Report”), which builds on the structure and content of FINRA’s prior reports for 2021-2024. This...more

A&O Shearman

European Central Bank updates TIBER-EU framework to align with DORA RTS on TLPT

A&O Shearman on

The European Central Bank (ECB) has published an updated version of the threat intelligence-based ethical red teaming framework (TIBER-EU framework) (dated January) to align with the Digital Operational Resilience Act (DORA)...more

515 Results
 / 
View per page
Page: of 21

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide