IT Governance, Risk, and Compliance

Apr 14 2013   2:49AM GMT

Revisiting the Safeguarding of Information Assets – Part VII

Robert Davis

Generally, determining an entity’s legal mandates lies outside the security function’s ambit. Nonetheless, overseeing the composition, implementation and evaluation of legally required controls is a security imperative. To reduce the potential negative effects of overlapping (cross-compliance) and multiple compliance obligations, management should seek assurance that the relevant statutory, regulatory, and contractual requirements are adequately defined and documented for each information system. As suggested in Enterprise Security: The Struggle to Manage Security Compliance for Multiple Regulations, although SOX, HIPAA, GLBA, and PIPEDA are prominent managerial legal topics, they are not the only mandates compelling entities to demonstrate compliance.

Sources

Commission on Guidelines. Information Asset Protection Guideline. Alexandria, VA: ASIS International, 2007. http://www.asisonline.org/guidelines/guidelinesinfoassetsfinal.pdf (accessed April 21, 2008).

Hurley, Jim. Enterprise Security: The Struggle to Manage Security Compliance for Multiple Regulations. Cupertino, CA: Symantec Corporation, 2004.
