Home > Security Tips > Compliance Counselor > Standards-based compliance: A how-to guide
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

COMPLIANCE COUNSELOR

Standards-based compliance: A how-to guide


Dick Mackey
10.26.2005
Rating: -3.25- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


Dick Mackey, Principal, SystemExperts Corp., presented this session at Information Security Decisions Fall 2005.

Regulations such as SOX 404, GLBA and HIPAA are notorious for telling you what you need to accomplish, but not how to accomplish it. This session dives into the pros and cons of using standards such as COBIT, COSO and ISO17799 as the vehicles to improve regulatory compliance. Each of these standards has a different purpose, some extremely broad, others more focused. In thinking about security, in particular, one needs to navigate through the various standards to understand which parts overlap and how to meet the security requirements specified in them without wasting time and money. This session shows you how. We detail how the standards relate to specific regulations, the motivation behind each security framework, and their strengths and weaknesses. We also discuss how awareness of these standards can help improve your overall security approach, as well as your risk management program.

You find out:
  • Which standard is best aligned to which regulation
  • How security standards in general help you improve your risk management processes
  • The most useful parts of each standard
  • If you can safely ignore any parts of each framework

    Download this presentation





    Rate this Tip
    To rate tips, you must be a member of SearchSecurity.com.
    Register now to start rating these tips. Log in if you are already a member.




    BROWSE BY TAG
    Compliance Counselor,   COBIT,   Security Audit, Compliance and Standards,   ISO 17799,   Sarbanes-Oxley Act,   HIPAA,   Gramm-Leach-Bliley Act (GLBA),   Standards,   Compliance,   VIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Compliance Counselor
    Identity lifecycle management for security and compliance
    Interpreting 'risk' in the Massachusetts data protection law
    FTC Red Flags Rules: How to create an identity theft prevention plan
    Creating a HIPAA employee training program
    Data protection tips for corporate compliance leaders
    PCI DSS compliance requirements: Ensuring data integrity
    Understanding PCI DSS compliance requirements for log management
    Are 'strong authentication' methods strong enough for compliance?
    Strategies for using technology to enable automated compliance
    Common PCI questions: Web application firewalls or source code review?

    COBIT
    Tony Spinelli: Prioritize Information Security over Compliance
    Security survey finds increase in security standards adoption
    Mix of Frameworks and GRC Satisfy Compliance Overlaps
    GRC: Over-Hyped or Legit?
    Is the Orange Book still relevant for assessing security controls?
    Does SOX provision email archiving?
    COSO and COBIT: The value of compliance frameworks for SOX
    ISO 17799: A methodical approach to partner and service provider security management
    Mapping the path toward information security program maturity
    RSA Conference 2006
    COBIT Research

    ISO 17799
    Tony Spinelli: Prioritize Information Security over Compliance
    How to write a risk methodology that blends business, security needs
    IT auditing applications and tools for ISO 27002 certification
    Security survey finds increase in security standards adoption
    Mix of Frameworks and GRC Satisfy Compliance Overlaps
    GRC: Over-Hyped or Legit?
    Is the Orange Book still relevant for assessing security controls?
    How do ISO 17799 and SAS 70 differ?
    How to apply ISO 27002 to PCI DSS compliance
    How to migrate from SAS 70 to ISO 27001

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    COBIT  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary

    DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



    • Research Solutions for Network Security, Access Control and Security Threats
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts