Avoiding 7 Common Mistakes of IT Security Compliance

Tuesday, August 16, 2011

Sasha Nunke


Free Guide: Avoiding 7 Common Mistakes of IT Security Compliance

Compliance is a key driver for deployment of IT security controls, and many organizations are pursuing automation to improve accuracy and lower costs of fulfilling requirements.

Automating controls is not just laudable – it’s essential for finding and fixing a myriad of vulnerabilities that enable criminals to breach enterprise IT, disrupt electronic business processes, and steal confidential business and customer data.

But automation alone is not a panacea for compliance. Organizations must also pair the deployment of automated security solutions with common-sense operational strategies to ensure success.

At the most basic level, there is no single standardized framework or terminology that explicitly defines what your organization must do for compliance. Instead, there are many frameworks with conflicting requirements.

Terminology is often vague or interpreted differently within organizations and between geographic regions.

Ambiguity abounds due to lack of a universal philosophy of compliance. A big challenge for security professionals is navigating this ambiguity, especially when financial auditing terms such as Governance, Risk and Compliance (GRC) are loosely applied to IT security solutions.

Let the buyer beware!

Currently, there is no single standard framework that explicitly defines what your organization must do for compliance. A big challenge for IT security professionals is navigating this ambiguity and achieving the organization's compliance goals effectively and on budget.

This guide covers seven typical IT security compliance errors and outlines the best practices you can immediately apply to your environment to help your company achieve compliance.

Anders Reed-Mohn: So-called articles / blog posts like this make me doubt the usefulness of allowing vendors / commercial interests into communities like Infosecisland.

This post is a simple ad, it shares absolutely no information, and only serves as a bridgehead to a registration page. That just doesn't go along with the notion of an information sharing community.
This stuff belongs among the banners and should not be (falsely) masked as content.

Note that I have nothing against Qualys, or that they want to do their marketing. It's just this approach I find somewhat deceptive and unproductive.

Ken Major: Agreed!