Best Practices for Merging Security and Compliance
Within many organizations today, security and compliance teams are running in isolation. This introduces significant enterprise risk, as the security team might be doing what’s best to combat advanced attackers, but their actions may not be in compliance with corporate, industry or federal guidelines. Similarly, the compliance team might be laser-focused on adhering to regulations, but their strategy might be introducing security risks. Tim Woods, VP of Technology Alliances at FireMon, outlines the challenges of operating security and compliance in silos.
Every compliance initiative – whether regulatory or internal – poses the same central question: Are you monitoring for change? While the question is a simple one, for many companies, the answer remains elusive.
Whenever there’s a data breach, compliance failure or system outage, the first thing business leaders want to know is: What changed? And, too often, the response from security and compliance teams is “nothing,” when, in fact, change is happening – they just don’t know about it. These teams are by no means attempting to mask the truth; they are simply being forthright with the limited information available to them.
Maintaining awareness of network and access changes…