
What Organizations Have Learned from Early Compliance Approaches
The escalating number of regulations with a clear information security impact has finally put enterprises on notice: information security is part of business risk and can no longer be left on the sidelines. Previously, few companies paid much attention to regulatory compliance, their "control infrastructure," or even information security. Now, however, organizations large and small are racing to assess, test, and document their internal controls for Sarbanes-Oxley, their security and privacy practices for HIPAA, or their basic security safeguards for GLBA, Basel II, Homeland Security, and dozens of other mandates.
In the midst of these time-consuming compliance projects, certain key facts are becoming apparent. Compliance is not an end-game; it is an ongoing effort. Therefore, the lessons learned today are going to be critical in achieving long-term compliance goals.