{"id":1673,"date":"2006-10-11T00:00:00","date_gmt":"2006-10-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/10\/11\/compliance-a-multi-front-war\/"},"modified":"2021-12-30T11:39:47","modified_gmt":"2021-12-30T11:39:47","slug":"compliance-a-multi-front-war","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/10\/11\/compliance-a-multi-front-war\/","title":{"rendered":"Compliance: A Multi-Front War"},"content":{"rendered":"<p>SOX. GLBA. HIPAA. PCI. FFIEC. HSPD-12. FIPS 140. If you&#8217;re dealing with any of these regulations in your IT security job, you know the pain of compliance projects.   More and more security groups &#8212; particularly those in large enterprises &#8212; are finding that they&#8217;re working on simultaneous, often overlapping projects that come from multiple project teams working on different compliance initiatives.  &#8220;If you&#8217;re a public company, you&#8217;re dealing with [Sarbanes Oxley].  And I would say 30 to 40 percent of the enterprises we work with are dealing with at least one more set of regulations,&#8221; says Marne Gordan, director of regulatory affairs at Cybertrust, which offers security consulting service for many Fortune 1000 companies.  Officials at Accenture and Symantec Security Transformation Services &#8212; a joint organization unveiled by the two companies yesterday &#8212; said the need to eliminate &#8220;silos&#8221; between compliance projects was a key driver for the partners&#8217; venture.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Enterprises are doing all of their compliance work in silos, and they aren&#8217;t seeing the commonality between [the projects], particularly in the area of security,&#8221; says Stephen Barlock, North America security lead at Accenture.  
&#8220;The net result is that their compliance efforts are much too complex.&#8221;<\/p>\n<p>Enterprises are also finding that the costs of their compliance efforts are rising, not falling, because of the growing number of independent, and sometimes redundant, regulatory efforts, says Mark Perry, vice president of global consulting services at Symantec, who will head the joint venture.<\/p>\n<p>SOX and the Gramm-Leach-Bliley Act (GLBA) mandate data protection, but don&#8217;t give any IT specifics.  The Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry (PCI) standards outline more specific requirements.<\/p>\n<p>&#8220;What we encourage companies to do is build a matrix of the requirements,&#8221; says Chris Apgar, president of Apgar and Associates LLC, a compliance consulting firm.  If they meet the most stringent security requirements on the matrix in each category, the result should be a security platform that meets the compliance mandates of all of them.  &#8220;For example, if you look at SOX and GLBA, they don&#8217;t say much about encryption,&#8221; Apgar says.<\/p>\n<p>Accenture and Symantec are working on a way to automate the process of correlating the security requirements of each regulatory mandate and identifying the most stringent elements, says Accenture&#8217;s Barlock.  
&#8220;With this joint venture with Symantec in place, though, we think the days of doing this manually are numbered.&#8221;  &#8220;If you want to encrypt email, a $250,000 package from Tumbleweed is a pretty sure thing to pass an audit,&#8221; he says.<\/p>\n<p>http:\/\/www.darkreading.com\/document.asp?doc_id=106910&#038;WT.svl=news2_5<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-1673","post","type-post","status-publish","format-standard","hentry","category-regulations"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1673"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1673\/revisions"}],"predecessor-version":[{"id":4160,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1673\/revisions\/4160"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1673"}],
"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}