IT Trenches

May 10 2010   7:45PM GMT

Are you ready for “Legally Defensible” IT Security?



Posted by: Troy Tate
Tags: compliance, information security, infosec, legal, management, security strategy, strategy

It seems like the more I consider today’s information security environment, the more I feel like Ma and Pa Kettle negotiating a contract with a city-slicker. The math just seems to work differently depending on your audience.

I recently saw a graphic where CIOs and CSOs were asked if regulatory compliance has improved the organization’s security posture. As you would expect, the CIOs strongly agreed with the statement while CSOs leaned more toward strongly disagree.

Well, now another thought comes to us infosec professionals from the legal world. We are already under lots of compliance requirements like Basel II, SOX, HIPAA, PCI-DSS, FISMA and such. But now another thought we have to contend with is “legally defensible” IT security. I agree that this idea does have its merits in trying to get everyone talking the same language of risk and management. It is challenging enough to get information security talking the business language, but now we have to learn legalese? I think I’ll look to see if translate.google.com can help out with that!

Thanks for reading & let’s continue to be good network citizens!
