Compliance and (In)Security

A. DeCarlo

Summary Bullets:

  • For all the emphasis on industry security standards and regulatory compliance, businesses too often miss the mark
  • For those that do not achieve compliance, security breaches are all too common

Nothing drives enterprise security spending quite like compliance. Angst over meeting or missing a mandate strikes fear in the hearts of CIOs and IT security directors everywhere. As a result, it is not at all unusual for a company to map its security priorities to government standards such as those laid out in the Federal Information Security Management Act (FISMA) or industry specifications such as the healthcare-focused Health Insurance Portability and Accountability Act (HIPAA) specification and the Health Information Trust Alliance (HITRUST) framework.