Need to consolidate information security compliance efforts? Try open source.

Friday, March 12, 2010

Ted LeRoy


Many organizations have to comply with multiple regulatory and industry requirements for their information security infrastructures. Fragmented efforts to comply with Sarbanes-Oxley (SarbOx or SOX), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and the ISO 27000 series, to name a few, can result in costly duplication of effort or, worse, security holes that open up when several teams tackle the same or overlapping problems without coordinating.

Many commercial tools are available to unify compliance efforts and to audit them, but they come with a price tag that is too high for many small to medium sized businesses.

As with so many problems, large and small, an open source alternative exists. The Security Officers Management and Analysis Project (SOMAP)[1] hosts a suite of tools, including a Risk Methodology[2], a Risk Model[3], and a Risk Framework and Tool[4], designed to help organizations meet multiple compliance needs without duplicating effort. The Risk Framework and Tool (ORICO) comes as a web client for enterprise use and as a desktop client for smaller organizations.

Before making a huge expenditure on a commercial tool, or throwing up your hands because you can't afford to consolidate compliance (what a horrible catch-22: you can't afford to reduce cost!), give SOMAP.org's tools a try.

If it doesn't have a feature you need, join the project and make it a reality.

[1]http://www.somap.org/default.html

[2]http://www.somap.org/methodology/default.html

[3]http://www.somap.org/orimor/default.html

[4]http://www.somap.org/orico/default.html

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.