Regs burden IT, boost security

By Mark Baard, Contributing Writer
22 Dec 2004 | SearchSecurity.com

Federal regulations are forcing IT security staffers to change their routines, leaving them with less time to install and maintain security hardware and software. But the regulations, which can call for stringent electronic record-keeping and privacy safeguards, are also compensating for the harm they cause. By compelling IT departments to tighten their user policies, and strengthen their data storage and damage recovery programs, HIPAA, Sarbanes-Oxley and the Gramm-Leach-Bliley Act have helped make networks more secure.

That's one of the findings of a survey of enterprise executives -- including IT and security professionals -- released today by the IT security management company RedSiren Inc., based in Pittsburgh.

"We are seeing a lot of product technology hype these days -- automated patch management, incident response technology and intrusion prevention systems," said Nick Brigman, RedSiren's vice president of product strategy. "But this survey reinforces the fact that every security plan has to be a blend of people, process and technology. It's a three-legged stool."

Sixty-two percent of the 300 respondents in the RedSiren survey said the time they spend complying with the requirements of the federal laws is coming out of what they would spend installing and upgrading security products, and performing other duties meant to protect their networks. Roughly 13% said the regulations have caused them to either divert or delay new IT security projects.

Two-thirds of respondents, however, also acknowledged that compliance with those regulations has, in fact, made their networks safer.

Lawyers, corporate leaders and even board members all have a role to play in the new security regime, said an IT security and privacy lawyer who read the RedSiren survey.

"The new rules are making [data] security more than an IT issue," said Thomas Smedinghoff, an attorney at the Chicago-based law firm Baker & McKenzie LLP. "This survey shows a recognition that IT is an integral part of the organization's operations, and a part of the corporate mainstream."

RedSiren sent the survey to 15,000 individuals in November. Four percent of the 300 who responded worked in the finance departments of their organizations. Another 9% worked in risk management.

The RedSiren survey also found that 90% of IT security budgets will stay the same or grow in 2005, and that educating workers about IT security policies was among companies' chief concerns.

Tags: HIPAA, Sarbanes-Oxley Act, Gramm-Leach-Bliley Act (GLBA)

All Rights Reserved, Copyright 2003 - 2009, TechTarget