Article

Case Study: Standards-based compliance: A how-to guide

Dick Mackey
Dick Mackey, Principal, SystemExperts Corp., presented this session at Information Security Decisions Fall 2005.

Regulations such as SOX 404, GLBA and HIPAA are notorious for telling you what you need to accomplish, but not how to accomplish it. This session dives into the pros and cons of using standards such as COBIT, COSO and ISO17799 as the vehicles to improve regulatory compliance. Each of these standards has a different purpose, some extremely broad, others more focused. In thinking about security, in particular, one needs to navigate through the various standards to understand which parts overlap and how to meet the security requirements specified in them without wasting time and money. This session shows you how. We detail how the standards relate to specific regulations, the motivation behind each security framework, and their strengths and weaknesses. We also discuss how awareness of these standards can help improve your overall security approach, as well as your risk management program.

You find out:

  • Which standard is best aligned to which regulation
  • How security standards in general help you improve your risk management processes
  • The most useful parts of each standard
  • If you can safely ignore any parts of each framework

    Requires Free Membership to View

Download this presentation
Related Topics: SAP and GRC, VIEW ALL TOPICS

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: