Access your Pro+ Content below.
Ease the compliance burden with automation
This article is part of the May 2009 issue of Information Security magazine
Just as a check-box approach to compliance doesn't guarantee security, good security practices aren't necessarily enough to meet regulatory compliance requirements. The point is, you may actually achieve a substantial degree of data security if you see securing access to sensitive information as an exercise in operational security. But, that alone won't pass muster when the auditors come in. Virtually all regulations and contracts, from HIPAA to FFIEC guidelines to the PCI DSS, require documentation, audited requests and approvals, logging, and review of all the operational activities that companies engage in to protect the particular regulated information. Many organizations find this additional dimension troublesome and underestimate the added organizational and process burden that comes with it. Most regulations and regulatory guidance are carefully written to avoid suggesting particular technologies, and none provides any requirement for automation of your compliance activities. However, for all but the smallest ...
Access this Pro+ Content for Free!
Features in this issue
Identity management technology is adapting to meet enterprise needs. Learn what products can improve security and ease compliance.
The Cybersecurity Act of 2009, also known as S.773, would give the president unprecedented authority over federal and private networks. Experts debate whether it's a power grab, or a signal of the seriousness of threats to critical infrastructure.
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.
Manual compliance processes are error-prone and drain corporate IT resources. Automated tools make a difference if you apply them to a well-organized compliance program.
Columns in this issue
A service-oriented approach is the best way to demonstrate security's value and win support for security initiatives.
Security researchers have declared they want vendors to compensate them for their independent search for vulnerabilities.
Security experts Bruce Schneier and Marcus Ranum debate whether users should have an expectation of online privacy.