Compliance and regulatory mandates are moving businesses to implement key controls to make sure that they adhere to a wide range of national and international mandates – Sarbanes-Oxley, Gramm-Leach-Bliley, FISMA, HIPAA, California SB-1386, to name a few. In an effort to meet these requirements, enterprises must not only change business processes, but also implement security programs and tested controls designed to maintain and frequently (if not continuously) monitor their systems and activities. In short, a new relationship has forged between security and compliance.
How does compliance impact your role as a security practitioner? Few are in a better position to tell you than Pamela Fusco, who as chief security officer at pharmaceutical giant Merck & Co., implemented and executed on compliance initiates. In this presentation, Fusco shows you how her security department became involved in meeting regulatory demands. She reveals details and shares experiences on how she was able to enable her business to measurably improve security while satisfying compliance requirements, interact with business leaders, and implement automated and sustainable technologies and methodologies required to meet the evolving demands of business and compliance.
Find out how to put the key benefits of what Fusco achieved at Merck & Co. to work in your own organization as she covers five key areas associated with security's role in compliance:
- Information classification
- IT audits
- User provisioning and accountability
- Efficient and effective incident response
- Security process management
This was first published in October 2005