Resources for Federal Financial Institutions Examination Council (FFIEC)

Meshing Compliance with Security

www.baselinemag.com

The challenges and benefits of marrying regulatory requirements with smart information technology security practices.

The realities of today’s heavily regulated IT environment have forced a priority shift with IT security. Initiatives that once could never find a patron are now being funded, as organizations scurry to comply with regulatory demands. This has been a positive step for a lot of IT security practices, but there are some definite downsides.

The sad news is that some organizations have begun to equate compliance with security, assuming that the act of complying with standards such as the Payment Card Industry (PCI) Data Security Standard (DSS), and regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX) or the Gramm-Leach-Bliley Act (GLB) automatically ensures sufficient security of IT infrastructure and data stores. But, as most grizzled security veterans will tell you, this is far from the truth.

View the Resource

Share or bookmarklet this web page at: