Writing for Security Magazine, Ariel Benjamin Mannes recently discussed the connection between security and compliance. An excerpt of the article follows.
“Security executives have to be constant evangelists when it comes to preserving operational effectiveness. As most C-suite executives think in traditional budgetary mindsets, it’s hard to demonstrate the effectiveness of security when investments result in nothing happening. In the meantime, most executives think in terms of reacting to regulatory, legal or operational requirements, which is why increased staffing and budgets are being devoted to compliance, cyber and HR-related compliance, which may possibly be taken from security operating funds.
In examining this issue, look at the financial sector. The passage of the Sarbanes-Oxley Act (SOX) in 2002 was a reaction to the sweeping Enron corporate fraud scandal, a law that prompted massive corporate compliance investments that spurred an IT investment that many viewed as a natural progression to the immense upgrades to cybersecurity in today’s CIO budgets. Major corporate investments in reaction to “scary” new regulation can be seen in the healthcare sector with policies like health information privacy (HIPAA) and the ACA (Obamacare), in education with education records privacy (FERPA), student disability (IDEA), Title IX and standardized testing (RTT), and with other policies relating to privacy laws, payment info (PCI), fair consumer practices (CFPB), stock trading regulations (SEC), bank secrecy (BSA), money laundering (AML), and even ever-changing HR & accessibility (ADA) policies.”