Problem solve Get help with specific problems with your technologies, process and projects.

Standards-based compliance: A how-to guide

This presentation by Dick Mackey discusses the pros and cons of using standards as the vehicles to improve regulatory compliance.

Dick Mackey, Principal, SystemExperts Corp., presented this session at Information Security Decisions Fall 2005.

Regulations such as SOX 404, GLBA and HIPAA are notorious for telling you what you need to accomplish, but not how to accomplish it. This session dives into the pros and cons of using standards such as COBIT, COSO and ISO17799 as the vehicles to improve regulatory compliance. Each of these standards has a different purpose, some extremely broad, others more focused. In thinking about security, in particular, one needs to navigate through the various standards to understand which parts overlap and how to meet the security requirements specified in them without wasting time and money. This session shows you how. We detail how the standards relate to specific regulations, the motivation behind each security framework, and their strengths and weaknesses. We also discuss how awareness of these standards can help improve your overall security approach, as well as your risk management program.

You find out:

Visit our resource center for more tips and expert advice on security standards

View more presentations from some of the industry's foremost security practitioners

Learn more about Information Security Decisions

  • Which standard is best aligned to which regulation
  • How security standards in general help you improve your risk management processes
  • The most useful parts of each standard
  • If you can safely ignore any parts of each framework

    Download this presentation

  • This was last published in October 2005

    Dig Deeper on Security audit, compliance and standards

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.