Regulatory compliance is an important corporate initiative as the complexity
and scope of the regulatory environment continues to increase. Coupled with the
rise in cyber attacks and insider threats, organizations are now searching for a
more effective, sustainable, and scalable approach that will achieve their
compliance objectives while improving the overall security posture of the
organization.


The mandatory nature of
regulatory compliance, combined with specific and quantifiable penalties for
non-compliance, has directed a large portion of overall security spending toward
compliance efforts. It is hard to argue with this objective, because the goal of
compliance spending is to protect corporate profitability and avoid increased
costs from non-compliance and possible brand damage. However, when security
projects are focused solely on meeting a minimal set of audit criteria rather
than minimizing risk, much of the potential benefit of this funding is
wasted.


The challenge for security teams is to ensure that security expenditures are
directed toward a comprehensive risk mitigation program aligned to the risk
tolerance and business objectives of the organization. Allowing the “accredit
and forget it” approach to drive security priorities is like cramming for an
exam. You may pass the exam (or the audit), but you are unlikely to retain the
benefits you would have gained from careful study and planning. Passing an audit
for PCI DSS, for example, is a good achievement. But even PCI DSS, considered
one of the most prescriptive mandates, is only a minimum security standard and
does not guarantee protection against data breaches. Case in point: Both
Heartland Payment Systems and T.J. Maxx had achieved or were achieving PCI
compliance when their systems were breached by a global identity theft ring,
resulting in two of the largest breaches of credit card data in history. Ask
yourself: Does compliance drive your security program without always improving
security?

