
	Home > Security Tips > Compliance Counselor > What to tell senior management about regulatory compliance

Security Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

COMPLIANCE COUNSELOR

What to tell senior management about regulatory compliance

IT Governance Institute
10.18.2005
Rating: -4.00- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

In the complimentary Powerpoint presentation Information Security Governance – Top Actions for Security Managers, the IT Governance Institute provides actionable advice on how to implement information security governance. Each slide represents one of 18 questions often asked of security practitioners by senior management, and are designed to uncover information security issues. Here, we take a look at the question of regulatory compliance: considerations regarding the question, sources to assist the security manager in determining the appropriate response, evaluation and performance criteria to determine how effectively the enterprise addresses the security considerations, and security program initiatives detailing steps the enterprise should take.

What information assets are subject to laws and regulations? What has management instituted to assure compliance with them?

Considerations for security managers

Organizations are subject to many laws and regulations based on their

jurisdiction, industry, contractual arrangements and legal form (e.g., publicly traded corporation). Many impose strict requirements over the management of information assets, especially the protection of private information such as customer and employee data. A failure to meet these requirements can result in significant penalties, liability and damage to the organization's reputation.

Compliance with the multitude of laws and regulations calls for the application of legal expertise within a formal, ongoing program that identifies all relevant requirements, including privacy limitations, intellectual and property rights, and other legal, regulatory, contractual and insurance requirements. The program must then determine the information security measures needed for compliance and ensure those measures are in effect.

Evaluation and performance criteria

Security program initiatives

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member.

BROWSE BY TAG

Compliance Counselor, Information Security Threats, Identity Theft and Data Security Breaches, Security Audit, Compliance and Standards, Gramm-Leach-Bliley Act (GLBA), FISMA, HIPAA, Data Privacy and Protection, Sarbanes-Oxley Act, General, Infosec-Related Regs, Compliance, Compliance leadership, People & policy, Enterprise Data Protection, Identity Theft and Data Security Breaches, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Compliance Counselor
	Common PCI questions: Web application firewalls or source code review?
	PCI management: The case for Web application firewalls
	The basics of enterprise GRC project management
	PCI DSS: The structure of a standard
	How to choose between source code reviews or Web application firewalls
	HIPAA compliance: New regulations change the game
	Data security best practices for PCI DSS compliance
	Key elements of a HIPAA compliance checklist
	A preview of PCI virtualization specifications
	Strategies for email archiving and meeting compliance regulations

Identity Theft and Data Security Breaches

How to prevent and build protection against online identity theft

Heartland breach highlights PCI limitations

FBI investigates coordinated ATM scam

Encrypt now to meet new Mass. data protection law

Recovery plans essential for preventing data loss disasters

Internal auditors and CISOs mitigate similar risks

Cybersecurity expert sees PCI DSS problems ahead for retailers

PCI is about eliminating data, not securing it, former QSA says

Data breach discovery, disclosure outpaces 2007

PCI groups to focus on wireless, pre-authorization changes

Identity Theft and Data Security Breaches Research

Gramm-Leach-Bliley Act (GLBA)

Implement security and compliance in a risk management context

The road to compliance

IBM to boost security spending, push PCI DSS program

ISO 27001 could bridge the regulatory divide, expert says

Policies and regulatory compliance

Where hard drives go to die, or do they?

Compliance guide for managers: Lessons learned and best decisions

Become compliant -- without breaking the bank

Compliance Guide for Managers

Making sense of the maze

Gramm-Leach-Bliley Act (GLBA) Research

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Research Solutions for Network Security, Access Control and Security Threats
More Security Resources for Resellers, VARs and OEMs

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy