Regulatory Compliance
By Laura Robinson, RSA
Regulatory compliance has become a more strategic initiative for organizations. Up to now, compliance efforts were reactive, deadline-driven, tactical in nature and narrow in scope. However, now that many of the first deadlines have passed, enterprises must adopt a new approach to compliance.
This new approach must be one that:
Builds an effective information security strategy that can help comply with current and pending regulations
Focuses on implementing best practices in information security to address the key requirements
Aligns with other business objectives such as reduced costs and increased access to information
Taking this approach can help reduce the complexity of complying with the information security provisions of the various types of regulations. Government mandates to protect information vary in focus from corporate governance to privacy, and from risk management to data integrity. The common threads across all of these are central requirements pertaining to authentication, access control, data protection, and logging and reporting. Organizations have to meet these requirements while their IT environments are constantly changing and security threats are on the rise.
An effective information security strategy will help to ensure that the proper controls are in place even as new users and applications are being added to the system and more processes are being outsourced and managed by external parties. It will also protect an organization from the escalating threat landscape.
A Strategy Based on Best Practices
For implementing best practices in information security, some regulations reference particular control frameworks—such as ISO 17799, COBIT, NIST or FFIEC—while others leave it up to industry to decide which set of controls to use. Using information security best practices that are based on these frameworks and that align with other business objectives—such as reducing costs, increasing revenues and improving customer service and employee productivity—is the key to successfully negotiating the evolving compliance landscape.
Traditionally, most organizations have viewed the compliance process as merely passing an audit. A more successful approach is to view regulatory compliance as an opportunity to implement information security best practices that enable your organization to reap the rewards of e-business, helping it to gain significant competitive advantage in today’s regulated environment. RSA Security can help you build an effective information security strategy to help you comply with regulations, based on our leading solutions and our experience in working with our 17,000 customers across the globe.
For more articles on Compliance contact Leah Cohern at lcolern@rsasecurity.com