Access "Ease the compliance burden with automation"
This article is part of the May 2009 issue of How automated compliance solutions can help you plan for your next audit
Just as a check-box approach to compliance doesn't guarantee security, good security practices aren't necessarily enough to meet regulatory compliance requirements. The point is, you may actually achieve a substantial degree of data security if you see securing access to sensitive information as an exercise in operational security. But, that alone won't pass muster when the auditors come in. Virtually all regulations and contracts, from HIPAA to FFIEC guidelines to the PCI DSS, require documentation, audited requests and approvals, logging, and review of all the operational activities that companies engage in to protect the particular regulated information. Many organizations find this additional dimension troublesome and underestimate the added organizational and process burden that comes with it. Most regulations and regulatory guidance are carefully written to avoid suggesting particular technologies, and none provides any requirement for automation of your compliance activities. However, for all but the smallest organizations, the "paperwork" associated ... Access >>>
Premium Content for Free.
Changing times for identity management
Identity management technology is adapting to meet enterprise needs. Learn what products can improve security and ease compliance.
Know when you need IDS, IPS or both
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.
- Changing times for identity management
Cybersecurity Act of 2009: Power grab, or necessary step?
The Cybersecurity Act of 2009, also known as S.773, would give the president unprecedented authority over federal and private networks. Experts debate whether it's a power grab, or a signal of the seriousness of threats to critical infrastructure.
Ease the compliance burden with automation
Manual compliance processes are error-prone and drain corporate IT resources. Automated tools make a difference if you apply them to a well-organized compliance program.
- Cybersecurity Act of 2009: Power grab, or necessary step?
Service-focused security offers best value to organization
A service-oriented approach is the best way to demonstrate security's value and win support for security initiatives.
The Pipe Dream of No More Free Bugs
Security researchers have declared they want vendors to compensate them for their independent search for vulnerabilities.
Bruce Schneier and Marcus Ranum Face-Off: Should We Have an Expectation of Online Privacy?
by Marcus J. Ranum, Contributor
Security experts Bruce Schneier and Marcus Ranum debate whether users should have an expectation of online privacy.
- Service-focused security offers best value to organization
More Premium Content Accessible For Free
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...
Organizations have implemented various network security technologies to gain better visibility into their networks. However, these security ...
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...