BreachExchange mailing list archives
Laws Could Force Businesses To Rethink Compliance
From: Christine Fulgham <christine () opensecurityfoundation org>
Date: Thu, 14 Oct 2010 15:53:37 -0400
http://www.darkreading.com/security/management/showArticle.jhtml?articleID=227701206&cid=RSSfeed_DR_News

New RSA, SBIC report provides guidelines for businesses in 'new era' of compliance

Oct 12, 2010 | 04:13 PM
By Kelly Jackson Higgins, DarkReading

[...]

"A New Era of Compliance: Raising the Bar for Organizations Worldwide," written by RSA and the Security for Business Innovation Council (SBIC), analyzes how new legislation and more legal muscle behind regulations are forcing businesses to change how they approach compliance. The report highlights how tougher enforcement, more data breach notification laws emerging around the globe, more prescriptive regulations, and increasing requirements for making enterprises responsible for the security of their data even when a business partner handles it are requiring businesses to look at compliance as a strategy, not just a necessary evil.

[...]

In the report, the SBIC, which is made up of Global 1000 security executives from JP Morgan Chase, T-Mobile USA, eBay, BP, FedEx, Time Warner, EMC, Cigna, and other firms, offered several recommendations for enterprise security teams in what it calls a new era of compliance.

"As more regulations are introduced, the rules are becoming increasingly prescriptive," said Art Coviello, executive vice president at EMC and president of RSA, the security division of EMC, in a statement. "Regulators are making it clear that you're on the hook for ensuring the protection of your data at all times, even when it's being processed by a service provider. Going forward, it will be impossible to hide information security failings as legislators force transparency and data breach disclosure becomes a global principle."

Among the recommendations by the SBIC:

1. Embrace risk-based compliance. Set up a program where everyone, from business-process owners to the board of directors, gets the information needed to make risk decisions;

2. Establish an enterprise controls framework. Create a consistent set of controls across the organization that maps to regulatory requirements and business needs;

[...]

The report is available for download here: <http://www.rsa.com/innovation/docs/CISO_RPT_1010.pdf>.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Take CREDANT Technologies short survey on cloud usage and security.
Take the survey: http://www.surveymonkey.com/s/TXDR7WT
Respond by October 12, 2010. Enter to win a $500(US) Amazon Gift Card.