-
Moving Security Beyond Regulatory Compliance
Organizations today must comply with a greater number of regulations than ever before, many of which deal with information and system security. While the intent of these regulations is good, their proliferation is burdensome. Even more troubling, it is possible to be compliant but not secure. Based on our survey of 100 security, IT, and compliance professionals, this article proposes four principles for establishing a security program that goes beyond regulatory compliance. (5 pp., 6 figs.) [Executive Summary]
October, 2007
-
Start 2004 with a Sound Foundation for Enterprise Security
The new year means that IT managers will be applying new budgets toward solving all of the problems inherent in operating their systems. Although security spending represents a relatively small portion of the budget, careful application of those funds is essential in protecting both information and infrastructure. Computer Economics forecasts that about half of all organizations will be hit by at least one security attack during this year.
February, 2004
-
The Sarbanes-Oxley Act and Information Technology
For IT, the challenge to address compliance with Sarbanes-Oxley can be significant. This critical initiative may impact the schedule of IT projects planned for 2004 and is likely to have a noticeable effect on IT budgets over the next two to three years.
September, 2003