http://www.darkreading.com/compliance/167901112/security/news/232900802/do-s-and-don-ts-of-compliance-policy-development.html

By Ericka Chickowski
Contributing Writer
Dark Reading
April 23, 2012

Compliance fatigue can afflict just about any enterprise today facing the growing list of regulatory requirements placing pressure on their security practices. Sometimes it may seem that there is just not enough money or time to keep up. But governance, risk and compliance (GRC) experts believe that the key to bringing things into equilibrium is a solid foundation set by unified policies that can guide security standards and procedures to both minimize risk and comply with regulations now and in the future.

Unfortunately, many organizations today fail to do a good job establishing effective policies. Dark Reading recently talked to some experts in the industry, who offered some helpful tips on what organizations should and shouldn't be doing when developing their security and compliance policies.

Don't Get Bogged Down In Individual Regulations

"Organizations today have numerous government and industry-specific regulations that they need to be mindful of," says Andres Kohn, vice president of technology at Proofpoint. "The evolving regulatory environment becomes even more complicated due to multi-regulation and cross-border regulations."

Not to mention that Gartner's predicting that by 2014, 70 percent of IT risk and security officers in Global 2000 organizations will be required to report annually to the board of directors on the state of security, Kohn says. He believes that with so many individual requirements, it can be easy to get mired in the details.

[...]

Received on Mon Apr 23 2012 - 23:38:38 PDT