IT Compliance Advisor

May 8 2012   6:37PM GMT

Five corporate compliance program traits you need to prevent breaches

Kevin Beaver

If you look at news headlines, you’d think the sky were falling with all of the hack attacks and subsequent data breaches taking place. Just glancing at the Chronology of Data Breaches says it all. Every business is, arguably, a target, with both known and unknown vulnerabilities waiting to be exploited. But not every business is bleeding; you just have to be smart about how you approach a corporate compliance program. You can put years of work and hundreds of thousands of dollars into your compliance plan, and a single oversight or misstep can cancel it all out.

Here are five things you can get started on today to ensure you don’t end up on the wrong side of a data breach:

1. I can’t stress enough the importance of getting the right people on board. You can’t manage compliance by yourself, and neither can any other individual in IT, security, internal auditing or management. All the right people need to aim for the right target at the same time, because every key player adds his or her own unique value to a corporate compliance program.

2. Understand what’s really at risk. Documentation isn’t enough, and neither is an IT controls audit; a binder of policies and a checklist of controls don’t tell you what an attacker can actually do. Many businesses haven’t even performed a basic security assessment. You have to dig in and test what can truly be exploited, from the perspectives of both a malicious insider and an external attacker.

3. Be careful how you approach management and “sell” corporate compliance. It’s not all about IT: It’s about the business and how you can best meet management’s needs, along with the needs of the regulators. Wherever possible, use technology to help continually keep all of the right people in the corporate compliance loop.

4. Have a plan. Imagine pilots and surgeons not having a Plan B when potential problems arise. Determine what “data breach” means to your business (which systems and data are in scope, and what kind of event triggers the plan) and then develop a basic incident response plan. You won’t regret having a contingency plan in place when a data breach occurs.

5. Finally, remember that information security and risk management are not only about compliance and protecting personally identifiable information. That may be true for your specific job function, but not necessarily for the business as a whole. Most likely, there’s intellectual property that must be protected as well.

You’ve no doubt come across this advice before, but don’t dismiss it. It really works as long as you’re willing to put forth the effort. By focusing on what matters and being careful to avoid overlooking data protection in areas vital to your organization, you have the keys to a successful corporate compliance program.
