Architect Security and Compliance Programs to Be Complementary
This article is part of the June 2008 issue of Five crucial virtualization do's and don'ts
Compliance and security are business issues that require business solutions. It's become popular in the security community to decry compliance as not being the same thing as security. However, the problem isn't with compliance, but rather with business making assumptions about what being certified means. Rather than a measure of security, all certification means is that you meet a certain metric at a certain point in time. In reality, compliance and security programs are constant, ongoing efforts. We can complain all we like about compliance, but it is here to stay and is likely to get more complicated. The best thing we can do is embrace it and architect our compliance and security programs to be as complementary as possible, with each other and with the goals of the business. There are two important steps to help this effort. The first is to do a better job educating auditors so they can do a better job assessing the programs. Lots of auditors don't understand security well enough to ascertain whether controls are effective or even where controls are ...