IT Compliance


IT Security Compliance and Best Practices

The effective use and management of IT is critical to the success of the enterprise strategy. It has the potential to be the major driver of economic wealth in the 21st century. Today, IT continues to provide opportunities to obtain a competitive advantage and offers a means of increasing productivity, and it will do so even more in the future.

But it carries risks. In these days of doing business on a global scale around the clock, system and network downtime and attacks on the enterprise network have become too costly for any enterprise to afford. As attacks on the enterprise grow more sophisticated and diverse, companies need to rethink their defense strategy and risk management solutions for information security. Information security is not only about protecting the network, but also the data, and the risk of not doing so can be huge. In terms of impact (I) and dollars ($), it can roughly be viewed as:

                       Risk = (Impact) × (Dollars)² = I$²

And that is where IT security compliance and best practices come into play.

Federal Regulations & Business Partner’s Requirement
Federal regulations are forcing many organizations in healthcare, finance, city government, and any publicly traded company to comply with government regulations and business partners' requirements. That raises questions such as: Who has access to your network? How do you keep the bad guys out and let the good guys in? How do you control your supply chain and still grant access to independent contractors? How do you handle change management and still comply with these rules?

Solution: deploy compliance and best practices. Failing to implement Federal regulations and business partners' requirements could leave your company with deep financial consequences.

Until now, most businesses have focused their security attention on external attackers. But a quick glance at recent headlines shows that the threat from internal sources is just as serious. Given the significant legal and financial consequences of data security breaches, data falsification and mismanagement (unwanted media attention, brand damage, stock price drops, hefty fines, lawsuits and customer loss), it is clear that IT leaders must address both external and internal threats in order to protect both their employees and their customers.

Best Practices and Standards Help Enable Effective Governance of IT Activities
Today every organization tries to deliver value from IT while managing an increasingly complex range of IT-related risks. The effective use of best practices can help to avoid reinventing wheels, optimize the use of scarce IT resources, and reduce the occurrence of major IT risks, such as: project failures, wasted investments, security breaches, system crashes and downtime, and failures by service providers to understand and meet customer requirements and government regulations.

Increasingly, the use of standards and best practices, such as ITIL, COBIT and ISO_17799:2005, is being driven by business requirements for improved performance, value transparency and increased control over IT activities, while meeting government regulations in tandem.

Aligning COBIT, ITIL, ISO_17799 for Business Benefit
Attempting to combine the three management best practice specifications (COBIT, ITIL, and ISO_17799) can be daunting, and much work has been done to date to harmonize them. You can think of the three this way:

  • COBIT tells you what to monitor and control, i.e., it addresses IT auditing
  • ITIL describes how to go about implementing the processes for doing that
  • ISO/IEC_17799:2005 (ISO/IEC 27002:2005) lays out a process for securing those services and addresses legal and compliance requirements.

Some of the regulations and requirements currently in effect are: the Health Insurance Portability and Accountability Act (HIPAA); the Sarbanes-Oxley (SOX) Act; the Payment Card Industry (PCI) Data Security Standard; the Gramm-Leach-Bliley (GLB) Act; and PIPEDA in Canada.

Read More: A New Look at IT Security, Compliance & Risk Management Plan
