Building a risk-based compliance program
Compliance is no longer just an issue for the executive, legal and accounting teams to deal with. It is now a daily concern for IT staff, and more specifically, for the security staff who must ensure that servers, endpoints and mobile devices meet the standards set by dozens of regulations. As compliance has become more of an IT issue, the idea of basing a compliance program on a risk management approach has begun to gain a lot of momentum. A recent survey of business executives and IT professionals by Polivec Inc. showed that 73% of respondents believe risk analysis is an important basis for a compliance effort.
Quiz - A five-question multiple-choice quiz to test your understanding of Richard Mackey's Compliance School lesson.
Tip - The Payment Card Industry Data Security Standard may be fairly straightforward, but it's lacking in defining the processes that will ultimately lead to PCI DSS compliance. In this tip, expert Richard Mackey explains why the ISO 27002 can not only help...