Information Security News mailing list archives

Do's And Don'ts Of Compliance Policy Development


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 24 Apr 2012 01:38:38 -0500 (CDT)

http://www.darkreading.com/compliance/167901112/security/news/232900802/do-s-and-don-ts-of-compliance-policy-development.html

By Ericka Chickowski
Contributing Writer
Dark Reading
April 23, 2012

Compliance fatigue can afflict just about any enterprise today facing the growing list of regulatory requirements placing pressure on its security practices. Sometimes it may seem that there is just not enough money or time to keep up. But governance, risk and compliance (GRC) experts believe that the key to bringing things into equilibrium is a solid foundation set by unified policies that can guide security standards and procedures to both minimize risk and comply with regulations now and in the future.

Unfortunately, many organizations today fail to do a good job establishing effective policies. Dark Reading recently talked to some experts in the industry, who offered some helpful tips on what organizations should and shouldn't be doing when developing their security and compliance policies.


Don't Get Bogged Down In Individual Regulations

"Organizations today have numerous government and industry-specific regulations that they need to be mindful of," says Andres Kohn, vice president of technology at Proofpoint. "The evolving regulatory environment becomes even more complicated due to multi-regulation and cross-border regulations."

Not to mention that Gartner is predicting that by 2014, 70 percent of IT risk and security officers in Global 2000 organizations will be required to report annually to the board of directors on the state of security, Kohn says. He believes that with so many individual requirements, it can be easy to get mired in the details.

[...]

