Security Management Strategies for the CIOAccess "Ease the compliance burden with automation"
This article is part of the May 2009 issue of How automated compliance solutions can help you plan for your next audit
Just as a check-box approach to compliance doesn't guarantee security, good security practices aren't necessarily enough to meet regulatory compliance requirements. The point is, you may actually achieve a substantial degree of data security if you see securing access to sensitive information as an exercise in operational security. But, that alone won't pass muster when the auditors come in. Virtually all regulations and contracts, from HIPAA to FFIEC guidelines to the PCI DSS, require documentation, audited requests and approvals, logging, and review of all the operational activities that companies engage in to protect the particular regulated information. Many organizations find this additional dimension troublesome and underestimate the added organizational and process burden that comes with it. Most regulations and regulatory guidance are carefully written to avoid suggesting particular technologies, and none provides any requirement for automation of your compliance activities. However, for all but the smallest organizations, the "paperwork" associated ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Changing times for identity management
Identity management technology is adapting to meet enterprise needs. Learn what products can improve security and ease compliance.
-
Know when you need IDS, IPS or both
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.
-
Changing times for identity management
-
-
Cybersecurity Act of 2009: Power grab, or necessary step?
The Cybersecurity Act of 2009, also known as S.773, would give the president unprecedented authority over federal and private networks. Experts debate whether it's a power grab, or a signal of the seriousness of threats to critical infrastructure.
-
Ease the compliance burden with automation
Manual compliance processes are error-prone and drain corporate IT resources. Automated tools make a difference if you apply them to a well-organized compliance program.
-
Cybersecurity Act of 2009: Power grab, or necessary step?
-
Columns
-
Service-focused security offers best value to organization
A service-oriented approach is the best way to demonstrate security's value and win support for security initiatives.
-
The Pipe Dream of No More Free Bugs
Security researchers have declared they want vendors to compensate them for their independent search for vulnerabilities.
-
Bruce Schneier and Marcus Ranum Face-Off: Should We Have an Expectation of Online Privacy?
by Marcus J. Ranum, Contributor
Security experts Bruce Schneier and Marcus Ranum debate whether users should have an expectation of online privacy.
-
Service-focused security offers best value to organization
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...