Tip

Separating fact from fiction: Security technologies for regulatory compliance

Diana Kelley, Burton Group analyst, presented this session at Information Security Decisions Fall 2005.

Many products tout "out-of-the-box" compliance capabilities for Sarbanes-Oxley, HIPAA and other regulations.

    Requires Free Membership to View

    Login

SIM and ESM products, for instance, have introduced "snap-in" software modules designed to flag exceptions to security-oriented policy rules for various regulations. Vulnerability and configuration management products can be used to audit for the presence of security-related controls.

While there's no denying that technology can help automate the compliance process, purchasing a single tool that comes pre-configured for corporate compliance is not realistic. In this session, Burton Group analyst Diana Kelley explores what companies need to think about when creating policies for compliance and discusses selection criteria for some of the key technologies that aid in the process, such as documentation management, auditing and SIM tools. She also tackles the effectiveness of compliance "dashboards."

In addition to the specifics above, this presentation:

MORE INFORMATION

Visit our resource center for more tips and expert advice on regulatory compliance

View more presentations from some of the industry's foremost security practitioners

Learn more about Information Security Decisions
  • Shows you why compliance isn't a product
  • Demystifies compliance vendors' claims
  • Helps you create a compliance framework
  • Enables you to leverage tools and technologies for compliance

Download this presentation


This was first published in October 2005

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top