Access your Pro+ Content below.
Prioritizing compliance and information security
This article is part of the March 2007 issue of Information Security magazine
Few would dispute that regulatory mandates have forever changed the role of IT security. The risk of financial sanctions, public embarrassment and potential jail time for executives has raised security awareness from the back office to the board room. "Roll the clock back a few years and look at the challenges security professionals had then," says Eric Litt, chief information security officer at General Motors. "They were trapped in the middle layer of management. They certainly didn't have the support or understanding of upper management. And if they were trying to make the right IT security moves, they were pushing snowballs uphill." But it's debatable whether this increased attention toward regulatory compliance has had its desired impact and actually improved the overall IT security of regulated organizations. Many security managers, in fact, argue that compliance has to varying degrees weakened their priority--that the target sights have shifted from reaching a state of overall security to attaining adequate levels of ...