
By some accounts, regulatory requirements such as the Sarbanes-Oxley Act have led physical and information security departments to work more closely with each other.
For instance, under Section 404 of Sarbanes-Oxley, executives at publicly held companies are required to attest to both the physical and logical controls they have in place for data centers where sensitive financial information is processed and stored, says Chris Pick, vice president of corporate strategy at Houston-based NetIQ Corp., a provider of integrated systems and security management tools.
Another regulation that may be helping to drive convergence is the Gramm-Leach-Bliley Act, which requires that financial services firms notify customers if there are any breaches in the security of customer information. The law has led physical and logical security groups at banks, brokerages and insurance companies to work more closely together to address threats to privacy, such as the theft of a laptop containing customer information or a hacker gaining access to sensitive customer data, says Dave Cullinane, president of the Information Systems Security Association.
