I. Overview

Are you confident your network is secure and meeting IT security policies? Does your organization have an internal security policy? Can you measure and enforce your IT compliance against that policy? Are your critical security risks being identified and fixed? For businesses today, managing IT security risk and meeting compliance requirements is paramount. The past decade has seen an unprecedented wave of security breaches that have compromised the integrity of company-owned information – resulting in substantial financial and operational loss while devastating the confidence of customers, business partners and stakeholders. This tide of events has led to the establishment of technical standards, IT governance frameworks and laws designed to improve and enforce security – creating further pressure for organizations to define, control and govern their IT infrastructure more effectively.
This paper discusses the challenges faced by organizations of all sizes – across all industries – and presents a security as a service (SaaS) approach to simplify and automate the convergence of security and compliance to:

* Define policies to establish a secure IT infrastructure in accordance with good governance and best-practice frameworks.
* Automate ongoing security assessments, and manage vulnerability risk effectively.
* Mitigate risk and eliminate threats utilizing the most trusted vulnerability management application in the industry.
* Monitor and measure network compliance in one unified console – saving time, assuring reliability and reducing costs.
* Distribute security and compliance reports customized to meet the unique needs of business executives, auditors and security professionals.
II. Regulatory Challenges

Compliance with regulatory mandates and internal security policies is critical to the success of any enterprise. To protect the integrity of enterprise-owned information, prevent corporate scandals, and ensure customer privacy, new laws and regulations have emerged governing a variety of enterprises. Some of today’s more prominent security mandates include:

* SOX – The Sarbanes-Oxley Act of 2002 requires strict internal controls and independent auditing of financial information as a proactive defense against fraud.
* HIPAA – The Health Information Portability and Accountability Act of 1996 requires tight controls over handling of and access to medical information to protect patient privacy.
* GLBA – The Gramm-Leach-Bliley Act of 1999 requires financial institutions to create, document and continuously audit security procedures to protect the nonpublic personal information of their clients, including precautions to prevent unauthorized electronic access.
* FISMA – The Federal Information Security Management Act of 2002 is meant to bolster computer and network security within the federal government and affiliated parties (such as government contractors) by mandating yearly audits.
* Basel II – The Capital Requirements Directive/Basel II Accord established an international standard that banking regulators can use when creating regulations about how much capital banks need to put aside to guard against the types of financial and operational risks banks face.
* UK Data Protection Act of 1998 – The eight principles of the Data Protection Act state that all data must be processed fairly and lawfully; obtained and used only for specified and lawful purposes; adequate, relevant and not excessive; accurate, and where necessary, kept up to date; kept for no longer than necessary; processed in accordance with individuals’ rights as defined in the Act; kept secure; and transferred only to countries that offer adequate data protection.
In addition to these federal, state and international regulations, enterprises typically maintain a large, evolving body of internal policies designed to protect the company’s information resources, employees, customers and brand reputation.