Ask the Expert

Are there security management products that can track compliance objectives?

Are there integrated security management systems (ISMS) that track against compliance objectives?

    Requires Free Membership to View

That's kind of a broad question without a simple yes or no answer. Unfortunately, it depends on what you are trying to do. There are a number of security management products that will gather information about an environment and provide reports that show how specific controls have been deployed. These products usually go under the banner of security information management, but can also come from a log management or a forensics offering.

But the reality is that no single product is going to produce a report at the press of a button that will make your auditor go away any faster. Let's take PCI DSS as an example. PCI DSS consists of 12 different requirements, roughly seven or eight could be reported on by a comprehensive SIM environment. But things like policies and physical access are not readily pumped into a reporting engine.

Many compliance software products today emphasize managing people and processes rather than technology. So these tools will have self-surveys and other ways to document some of the softer issues around compliance, rather than just pulling information from firewall and IPS logs.

Additionally, you need to find leverage in this environment. One of the key aspects that you should be looking for is a comprehensive mapping of security controls to regulations. Something like a firewall or access control will apply to things like HIPAA, GLBA and PCI DSS. There is no use in having to report on all this information separately, so there should be a research team behind the product that will keep these mappings up to date.

For more information:

  • In this tip, Mike Rothman explains common mistakes in the security product purchase process.
  • Joel Dubin identifies the several identity management auditing tools on the market, and discusses which products best suit your needs.
  • This was first published in December 2007

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: