Even when compliance requirements extend across national borders, management's responsibility to prevent and detect illegal acts applies regardless of where the organization was formed. Given this fiduciary obligation, an entity's management typically uses policies, directives, procedures, standards, rules, validation and monitoring as control conduits to obtain reasonable assurance that security-related illegal acts are prevented, or detected on a timely basis.
Institutionalized ISG defines the information-asset safeguarding perimeter inside which an entity should operate, whereas legal compliance management ensures that the segments of that boundary are sound and that the entity consistently fulfills its mission within externally imposed demarcation lines. Aligning ISG with legal compliance management allows an entity to strengthen its ethical culture while concurrently reducing judicial risk. Predictably, laws will continue to be enacted and the regulatory environment will become more complex as legislators respond to unacceptable conduct. Consequently, entities will continue to be compelled to demonstrate compliance with legal mandates — especially laws governing data retention and privacy — that can differ by hemisphere, country, province, county and city, as well as by industry. In this increasingly complex regulatory environment, most entities should balance their focus on compliance imperatives without diminishing the quality of their anticipated responses to governmental edicts.