James Randell is Back
July 20th, 2010
James Randell from IBM is back again and answers questions about IT security: managing risk and IT security for smaller and mid-size companies. One of the questions is: "It is very difficult to get straight answers about exactly what I need to do to comply with an industry-specific regulation." James' answer follows.

Part of the problem here is that compliance frameworks and compliance requirements can often be given scary names. For example, companies who are trading with North American entities are affected by some compliance regulations known as Sarbanes-Oxley. In the credit card and payment space there's a set of standards called the payment card data security standard. There are regulations such as Basel II in the financial services industry, etc. The thing to remember about these is that when you look at all the different regulatory and compliance frameworks, most of them share so much common ground; they're really all based on common sense and best practice at the end of the day. Providing you are approaching your security policies and processes and tool deployments from a best practice and common sense point of view, you're actually likely to be complying with the greater part of nearly all compliance frameworks. There are some specific industry variations, though, which you do need to be aware of, but they are mostly all about best practice and nothing to be too scared of.
Entry Filed under: Business