Most notable among the various compliance regulations in which organizations have invested significant time and money as of late have been the PCI DSS, HIPAA and SOX. All three regulations have a heavy focus on data protection and mandate that companies demonstrate a working identity management program, so it's not terribly surprising to hear about changes like the ones you are seeing.
The question is, what should you do? My advice is don't worry about what other companies are doing. Rather, talk with your executives about what their current and planned business priorities are, and alter your organization's security programs accordingly. That may mean working on data protection and IAM, but it could also mean working on Web application security or something completely different -- like security awareness training -- or implementing changes to policy and software development processes.
Related Q&A from David Mortman