Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
Security Vendors Revamp Desktop SuitesSecurity Vendors Revamp Desktop Suites
As host protection concerns evolve to include data loss prevention, vendors are busily enhancing their offerings.
1 Min Read
THE COMPLIANCE SHUFFLE
Complying with one standard usually implies best practices for complying with others. "Not a day goes by that someone isn't asking for something," says Bernie Donnelly, VP of quality assurance at the Philadelphia Stock Exchange. From the Securities And Exchange Commission to his own internal audit team, Donnelly lives and breathes compliance.
To that end, Donnelly has learned to think strategically instead of tactically. When auditors requested additional checks and balances to the stock exchange's back-end batch-processing systems, Donnelly figured auditors would eventually make the same requests for its check ledgers.
"If you need it in one system, you'll need it in others," Donnelly says. "Rather than fixing piecemeal what's only being asked, look at the true cause of the problem. You get a better business practice as a side effect."
Smart security pros don't confuse compliance with security. Says Kenyon: "Compliance is third-party validation of what you do every day." Like an athlete winning a gold medal, the point-in-time compliance designation is the result of daily effort, and that effort could be greatly simplified as the vendors build better threat management suites. While it's unlikely that just one product can do everything needed, increased functionality and simplified management are welcome enhancements for security architects.
Continue to the sidebar:
The Realities Of Risk Management
About the Author
You May Also Like
More Insights
