Find White Papers
Home
About Us
List Your Papers
    
> RiskWatch > The Intersection of Security & Compliance: The New Risk Assessment

The Intersection of Security & Compliance: The New Risk Assessment

White Paper Published By: RiskWatch

As corporate security policies and compliance regulations are created to address the increasingly dangerous post 9/11 environment, security risk management is becoming an increasingly important tool in corporate governance. Learn more in this white paper by RiskWatch.



Tags : 
network security, security, compliance, glba, hipaa, risk assessment, risk management, hipaa compliance

RiskWatch
Published:  Feb 05, 2007
Type:  White Paper
Length:  5 pages

® RiskWatch
The Leader in Security Risk Assessment
The Intersection of Security & Compliance:
The New Risk Assessment by Caroline Ramsey Hamilton, President & CEO-RiskWatch, Inc.
Background organization's ability to carry out its primary Since September 11, 2001, there is no doubt function -- whether that function is manufacturing that the entire security industry has been products, providing services, moving cargo, fundamentally changed. In shock waves that providing infrastructure or administering reached out across borders to the boardrooms of programs. Security budgets are important now the world, security moved from a misunderstood and those budgets are being evaluated with a backroom function to the number one priority of risk management perspective -- how much both government organizations and Fortune security do we need to be secure? How much 1000 companies. does it cost to improve our security program to the most effective level? And, for the first time, Finally, organizations were ready to "do are we, as an organization compliant with the whatever it takes" to improve security and that new security guidelines? meant a plethora of new regulations that require TECHNOLOGY Ship and Seaport Securitymore stringent security and other requirements NIST 800-26 Maritime Transportation Security Act of 2002NIST 800-14 International Maritime Organization (IMO), ISPS CodeFederal Manager's Financial Integrity Act of 1982 IMO Circular 443: Measures to Prevent Unlawful Acts Against that influence the nature of both physical security FISCAM (Federal Information System) (in development) Passengers and Crew Onboard ShipsISO/IEC 17799 U.S. Coast Guard CFR 33 and NVIC CircularsISO/IEC 27799:2000(E) ILO New Guidelines: Code of Practice on Security, Health and Safety and information security. These new Security Self-Assessment Guide for IT Systems in PortsNSTISSI No. 1000, (National Security Telecommunications & Information Systems Security Instruction (NIACAP) U.S. Dept. of Defense requirements are mandatory -- and most are Office of Management and Budget (OMB) A-123, A-124, A-127, DOD Anti-terrorism Guidelines, 2000-12-16/12Hand A-130 DOD 5200.40 BS7799 Code of Practice Department of Defense (DOD) 5200.28  subject to either audit or review, by an outside Cyber Security Policy P03-002: Information Security Policy Unified Facilities Criteria 4-010-01: Minimum Antiterrorism SPAS for Insurance Companies: Underwriting for E-Commerce Standards for BuildingsBusiness Disruption Insuranceorganization. A key element in these new The Turnbull Report - Combined Code Transportation (Supply Chain )SecurityBASC Standards HIPAA C-TPAT Healthcare Insurance Portability and Accountability Act of 1997 Container Security Initiativerequirements was the risk analysis/risk GAO Report on Container SecurityPhysical & Homeland Security TAPA - FSR 2000-31: Freight Suppliers Minimum Security FEMA 426 Guidelines to Protect Buildings Against Terrorism Requirementsassessment requirement that forces Bank Secrecy ActPatriot Act Financial Services-Regulatory ComplianceASIS Threat Guidelinesorganizations to conduct a formal assessment of FEMA 428 Primer to Design Safe School Projects in Case of GLBA (Gramm Leach Bliley Act)Terrorist Attacks Sarbanes Oxley ActGAO Report on Risk & Antiterrorism Title V -- Privacy: Disclosure of Nonpublic Personal Informationtheir security profile -- the threats that are GAO State of Security at Chemical Facilities EDP Auditor's Guidelines for Risk AnalysisNFPA 730 Guide for Premises Security GAO Guidelines - Risk Management forNIJ Vulnerability of US Chemical Facilities Homeland Securitypresent, the assets that need protection, a review of existing vulnerabilities and the analysis of these elements, such as threat/vulnerability Where Compliance Meets Security
pairing, culminating in a list of controls that will The chart below illustrates some of the many be implemented. requirements that affect different organizations, many which were created after 9/11. They are Moving Security up to the Boardroom found in almost all industries-financial services,
The effect of these new regulations is to elevate healthcare, transportation, manufact... [download for more]

Browse Technology Topics

Data Center

Virtualization, Cloud Computing, Infrastructure, Design and Facilities, Power and Cooling, Green Computing  
    

Data Management

Application Integration, Analytical Applications, Business Intelligence, Configuration Management, Database Development, Data Integration, Data Mining, Data Protection, Data Quality, Data Replication, Database Security, EDI, SOAP, Service Oriented Architecture, Web Service Management, Data Warehousing  
    

Enterprise Applications

Application Integration, Application Performance Management, Best Practices, Business Activity Monitoring, Business Analytics, Business Integration, Business Intelligence, Business Management, Business Metrics, Business Process Automation, Business Process Management, Call Center Management, Call Center Software, Change Management, Corporate Governance, Customer Interaction Service, Customer Relationship Management, Customer Satisfaction, Customer Service, EBusiness, Enterprise Resource Planning, Enterprise Software, EProcurement, Extranets, Groupware Workflow, HIPAA Compliance, IP Faxing, IT Spending, Marketing Automation, Performance Testing, Product Lifecycle Management, Project Management, Return On Investment, Risk Management, Sales & Marketing Software, Sales Automation, Server Virtualization, Simulation Software, Supply Chain Management, System Management Software, Total Cost of Ownership, Video Conferencing, Voice Recognition, Voice Over IP, Workforce Management, Incentive Compensation, Spend Management, Manufacturing Execution Systems, International Computing  

Human Resource Technology

Human Resources Services, Payroll Software, Time and Attendance Software, Workforce Management Software, Financial Management, Employee Monitoring Software, Employee Training Software, Recruiting Software/Services, Employee Performance Management, ELearning, Benefits Management, Expense Management  
    

IT Career Advancement

Cisco Certification, Microsoft Certification, Linux Certification, Network Security Certification, Software Development Certification  

IT Management

Employee Performance, ITIL, Productivity, Project Management, Software Compliance, Sarbanes Oxley Compliance, Service Management, Desktop Management  
    

Knowledge Management

Collaboration, Collaborative Commerce, Contact Management, Content Delivery, Content Integration, Content Management System, Corporate Portals, Customer Experience Management, Document Management, Information Management, Intranets, Messaging, Records Management, Search And Retrieval, Search Engines, Secure Content Management, SLA  

Networking

Active Directory, Bandwidth Management, Convergence, Distributed Computing, Ethernet Networking, Fibre Channel, Gigabit Networking, Governance, Grid Computing, Infrastructure, Internetworking Hardware, Interoperability, IP Networks, IP Telephony, Local Area Networking, Load Balancing, Migration, Monitoring, Network Architecture, Network Management, Network Performance, Network Performance Management, Network Provisioning, Network Security, OLAP, Optical Networking, Quality Of Service, Remote Access, Remote Network Management, Server Hardware, Servers, Small Business Networks, TCP/IP Protocol, Test And Measurement, Traffic Management, Tunneling, Utility Computing, VPN, Wide Area Networks, Green Computing, Cloud Computing, Power and Cooling, Data Center Design and Management, Colocation and Web Hosting  
    

Platforms

AS/400, Domino, Linux, Microsoft Exchange, Oracle, PeopleSoft, SAP, Siebel, Solaris, Tivoli, Unix, Web Sphere, Windows, Windows Server  

Security

Access Control, Anti Spam, Anti Spyware, Anti Virus, Application Security, Auditing, Authentication, Biometrics, Business Continuity, Compliance, DDoS, Disaster Recovery, Email Security, Encryption, Firewalls, Hacker Detection, High Availability, Identity Management, Internet Security, Intrusion Detection, Intrusion Prevention, IPSec, Network Security Appliance, Password Management, Patch Management, Phishing, PKI, Policy Based Management, Security Management, Security Policies, Single Sign On, SSL, Secure Instant Messaging, Web Service Security, PCI Compliance, Vulnerability Management  
    

Software Development

.NET, C++, Database Development, Java, Middleware, Open Source, Software Outsourcing, Quality Assurance, Scripting, SOAP, Software Testing, Visual Basic, Web Development, Web Services, Web Service Security, XML  

Storage

Backup And Recovery, Blade Servers, Clustering, IP Storage, ISCSI, Network Attached Storage, RAID, Storage Area Networks, Storage Management, Storage Virtualization, Email Archiving, Data Deduplication  
    

Wireless

802.11, Bluetooth, CDMA, GPS, Mobile Computing, Mobile Data Systems, Mobile Workers, PDA, RFID, Smart Phones, WiFi, Wireless Application Software, Wireless Communications, Wireless Hardware, Wireless Infrastructure, Wireless Messaging, Wireless Phones, Wireless Security, Wireless Service Providers, WLAN  
Search