CSO INTERVIEW: Regulatory pain is a two-way street

You might not expect someone from the agency enforcing the Sarbanes-Oxley Act to describe regulatory compliance as something bogged down with "bureaucratic overlap" that's "killing" enterprises. But that's exactly how Chrisan Herrod sees it.

As CSO of the Securities and Exchange Commission [SEC], she is responsible for making sure the agency meets many of the same standards it enforces on others. Like many security/compliance professionals, she has her own war stories to tell.

One example is a recent Government Accountability Office [GAO] report that took the SEC to task for not implementing "effective electronic access controls" like "user accounts and passwords, access rights and permissions, network security or audit and monitoring of security-relevant events…"

In this Q&A, Herrod explains why organizations like GAO must look at compliance as more than the machinery a company puts in place. She also explains how the private and public sectors can work together to bring sanity to the process.
