You don't want to hear it: 10 pieces of lousy security advice

computerworld.com

Sometimes a few words from a software vendor, potential partner or consulting security expert tell you everything you need to know about whose advice is worthwhile -- when it's best to smile and nod, or whether you need to interrupt and challenge someone who's seriously off the rails. Here are 10 telltale phrases that signal troublesome advice.

"Our software is HIPAA (SOX, etc.) compliant."

No, it's not.

Many security standards, such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act, include requirements for the implementation and operation of a system. These detail the actual practice of protecting sensitive data, not just the type or design of security controls.

Proper security controls in a piece of software can support compliance with HIPAA, Sarbanes-Oxley or other regulatory requirements, but a direct claim of compliance-in-a-box is laughable. There's no way to box up a proven-compliant life cycle into an unimplemented piece of software without incorporating your data and experience.

Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.