Resources for Federal Financial Institutions Examination Council (FFIEC)

Compliance tops security chiefs' concerns

www.itweek.co.uk

Corporate governance and compliance remain the major concerns for chief information security officers (CISOs), despite the proliferation of other security themes that have dominated the headlines in recent months.

Speaking exclusively to IT Week ahead of this week's Microsoft CISO Council, Mike Grenham, BA's information security manager, argued that while data breach incidents have been in the public eye recently and are treated seriously, "from our perspective one of the biggest challenges is compliance with things like PCI and SOX".

But while compliance programmes can be perceived negatively by the business, they benefit the security function by providing CISOs with an opportunity to " get stuff done" and deliver an improved security capability, he added.

Indeed, many organisations would benefit from a more proactive approach to compliance, said Marc Rogers, performance and security manager at Vodafone. He argued that many firms still adopt a tick box approach, rather than a more strategic one which involves working within a consistent framework.

"I've seen organisations where SOX is dropped on the floor then they move on too the next audit du jour," he explained. "It should be an ongoing process."

View the Resource

Share or bookmarklet this web page at: