Home > Security Tips > Compliance Counselor > Standards-based compliance: A how-to guide
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

COMPLIANCE COUNSELOR

Standards-based compliance: A how-to guide


Dick Mackey
10.26.2005
Rating: -3.25- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


Dick Mackey, Principal, SystemExperts Corp., presented this session at Information Security Decisions Fall 2005.

Regulations such as SOX 404, GLBA and HIPAA are notorious for telling you what you need to accomplish, but not how to accomplish it. This session dives into the pros and cons of using standards such as COBIT, COSO and ISO17799 as the vehicles to improve regulatory compliance. Each of these standards has a different purpose, some extremely broad, others more focused. In thinking about security, in particular, one needs to navigate through the various standards to understand which parts overlap and how to meet the security requirements specified in them without wasting time and money. This session shows you how. We detail how the standards relate to specific regulations, the motivation behind each security framework, and their strengths and weaknesses. We also discuss how awareness of these standards can help improve your overall security approach, as well as your risk management program.

You find out:
MORE INFORMATION

Visit our resource center for more tips and expert advice on security standards

View more presentations from some of the industry's foremost security practitioners

Learn more about Information Security Decisions
  • Which standard is best aligned to which regulation
  • How security standards in general help you improve your risk management processes
  • The most useful parts of each standard
  • If you can safely ignore any parts of each framework

    Download this presentation


    Rate this Tip
    To rate tips, you must be a member of SearchSecurity.com.
    Register now to start rating these tips. Log in if you are already a member.




    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Compliance Counselor
    Web 2.0 and e-discovery: Risks and countermeasures
    Learn from NIST: Best practices in security program management
    Best practices for application-level firewall selection and deployment
    The 'security standards dilemma': Network segmentation and PCI Compliance
    Penetration testing: Helping your compliance efforts
    Worst practices: Recognizing the biggest compliance mistakes
    E-discovery management: How IT should interact with the legal team
    E-discovery management: How IT should interact with the legal team
    Incident response success in five quick steps
    The forensics mindset: Making life easier for investigators

    COBIT
    COSO and COBIT: The value of compliance frameworks for SOX
    ISO 17799: A methodical approach to partner and service provider security management
    Mapping the path toward information security program maturity
    RSA Conference 2006
    Introduction to COBIT for SOX compliance
    How BS7799 and COBIT differ, part two
    Competing regulations clog road to compliance
    COBIT Research

    ISO 17799
    How do ISO 17799 and SAS 70 differ?
    How to apply ISO 27002 to PCI DSS compliance
    How to migrate from SAS 70 to ISO 27001
    Should ISO 17799 play a role in risk assessment?
    ISO 17799: A methodical approach to partner and service provider security management
    Embarking on the ISO 17799 certification trail
    How is ISO 17799 different from SAS 70?
    Mapping the path toward information security program maturity
    Developing an information security program using SABSA, ISO 17799
    Regulatory Compliance and ISO 27001

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    COBIT  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary

    DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    • TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts