Case Study: Standards-based compliance: A how-to guide

This case study dives into the pros and cons of using standards such as COBIT, COSO and ISO17799 as the vehicles to improve regulatory compliance.

Dick Mackey, Principal, SystemExperts Corp., presented this session at Information Security Decisions Fall 2005.

Regulations such as SOX 404, GLBA and HIPAA are notorious for telling you what you need to accomplish, but not how to accomplish it. This session dives into the pros and cons of using standards such as COBIT, COSO and ISO17799 as the vehicles to improve regulatory compliance. Each of these standards has a different purpose, some extremely broad, others more focused. In thinking about security, in particular, one needs to navigate through the various standards to understand which parts overlap and how to meet the security requirements specified in them without wasting time and money. This session shows you how. We detail how the standards relate to specific regulations, the motivation behind each security framework, and their strengths and weaknesses. We also discuss how awareness of these standards can help improve your overall security approach, as well as your risk management program.

You find out:

  • Which standard is best aligned to which regulation
  • How security standards in general help you improve your risk management processes
  • The most useful parts of each standard
  • If you can safely ignore any parts of each framework

Download this presentation

Dig deeper on SAP and GRC

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchManufacturingERP

SearchOracle

SearchDataManagement

SearchAWS

SearchBusinessAnalytics

SearchCRM

SearchContentManagement

SearchFinancialApplications

Close