
30 seconds on


Forty-six states, Puerto Rico, the District of Columbia and the Virgin Islands have all passed legislation demanding notification of security breaches involving personal information.

From the CSO’s desk

Breaking compliance down

Maurice Hampton
formerly information security program manager, GE Corp.

Information security team strategies, budgets and activities are frequently driven by, or at least heavily influenced by, the need to comply with some regulatory requirement. I am still amazed by the number of organizations that still don’t have all of the right people working toward a singular goal of compliance for the organization. In many cases, the information security function takes on this role simply because no one outside of internal audit has the controls experience required.

So let’s look at regulations

result, the individual controls that have been identified in each regulation will need to be rationalized into one common control set.

Of course, information security likely will not have experts on all regulatory requirements, so it is critical that those responsible act as internal ambassadors to bring the necessary areas of expertise to the table. Then, it will be important to make sure that the individual reps take ownership for their part of the entire effort. So, make each member responsible for not only the identification and breakdown of regulatory requirements into controls,

it is necessary to capture all of the process, controls and regulation information in a location that can be easily accessed and maintained.

Bringing this full circle, information security organizations should spend time in the beginning creating a compliance program as opposed to reacting to ad-hoc requests and one-off efforts to force changes in behavior. Not only will your organization likely spend less time and money complying with the regulations and standards, you will be viewed as a thought leader playing a critical role in the success of the organization and providing a measur