IT Trenches

May 10 2010   7:45PM GMT

Are you ready for “Legally Defensible” IT Security?

Troy Tate Profile: Troy Tate

It seems like the more I consider today’s information security environment, the more I feel like Ma and Pa Kettle negotiating a contract with a city slicker. The math just seems to work differently depending on your audience.

I recently saw a graphic in which CIOs and CSOs were asked whether regulatory compliance has improved their organization’s security posture. As you would expect, the CIOs strongly agreed with the statement, while the CSOs leaned more toward strongly disagree.

Well, now another thought comes to us infosec professionals from the legal world. We are already under plenty of compliance requirements such as Basel II, SOX, HIPAA, PCI-DSS and FISMA. But now another idea we have to contend with is “legally defensible” IT security. I agree that this idea has its merits in trying to get everyone talking the same language of risk and management. It is challenging enough to get information security talking the business language, but now we have to learn legalese too? I think I’ll look to see if can help out with that!

Thanks for reading & let’s continue to be good network citizens!
