Access "Ease the compliance burden with automation"
This article is part of the May 2009 issue of How automated compliance solutions can help you plan for your next audit
Just as a check-box approach to compliance doesn't guarantee security, good security practices aren't necessarily enough to meet regulatory compliance requirements. The point is, you may actually achieve a substantial degree of data security if you see securing access to sensitive information as an exercise in operational security. But, that alone won't pass muster when the auditors come in. Virtually all regulations and contracts, from HIPAA to FFIEC guidelines to the PCI DSS, require documentation, audited requests and approvals, logging, and review of all the operational activities that companies engage in to protect the particular regulated information. Many organizations find this additional dimension troublesome and underestimate the added organizational and process burden that comes with it. Most regulations and regulatory guidance are carefully written to avoid suggesting particular technologies, and none provides any requirement for automation of your compliance activities. However, for all but the smallest organizations, the "paperwork" associated ... Access >>>
Premium Content for Free.
Changing times for identity management
Identity management technology is adapting to meet enterprise needs. Learn what products can improve security and ease compliance.
Do you need an IDS or IPS, or both?
by Joel Snyder, Contributor
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.
- Changing times for identity management
Cybersecurity Act of 2009: Power grab, or necessary step?
The Cybersecurity Act of 2009, also known as S.773, would give the president unprecedented authority over federal and private networks. Experts debate whether it's a power grab, or a signal of the seriousness of threats to critical infrastructure.
Ease the compliance burden with automation
Manual compliance processes are error-prone and drain corporate IT resources. Automated tools make a difference if you apply them to a well-organized compliance program.
- Cybersecurity Act of 2009: Power grab, or necessary step?
Service-focused security offers best value to organization
A service-oriented approach is the best way to demonstrate security's value and win support for security initiatives.
The Pipe Dream of No More Free Bugs
Security researchers have declared they want vendors to compensate them for their independent search for vulnerabilities.
Bruce Schneier and Marcus Ranum Face-Off: Should We Have an Expectation of Online Privacy?
by Marcus J. Ranum, Contributor
Security experts Bruce Schneier and Marcus Ranum debate whether users should have an expectation of online privacy.
- Service-focused security offers best value to organization
More Premium Content Accessible For Free
For many security teams, "continuous monitoring" is a vague concept associated with FISMA compliance. A continuous monitoring program can be simple ...
The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...