Report and monitor...

By Patrick Kerans  |  Posted 2008-06-25

5) Continuously report and monitor

How companies, auditors, and regulators structure reporting (what is reported, to whom, how often, and why) will ultimately distinguish the leaders from the laggards. For example, the Federal Information Security Management Act (FISMA) and industry mandates such as PCI are quickly moving in the direction of determining compliance as a function of whether proper controls were in place and working at the time of a violation, rather than at the time of the last audit.

The practical logic of that approach makes a lot of sense in light of the first widely reported (possible) breach of personally identifiable information by Geeks.com, which occurred despite a ScanAlert "HackerSafe" certification displayed on its homepage. According to ScanAlert, there were several instances when Geeks.com was in fact out of compliance with its requirements for HackerSafe certification and the seal was revoked, and it was during one of those instances that the breach most likely occurred. It just goes to show that compliance is a process, an ongoing process, not an event.

Despite the fact that risk and compliance management leaders reap the benefit of lower costs and higher productivity than their peers, according to the IT Policy Compliance Institute, 9 out of 10 firms struggle with high rates of annual compliance deficiencies, business disruptions, data losses and thefts that could be prevented with better implemented IT policy compliance, risk, and governance programs.

In other words, "leaders" are still few and far between, and there is plenty of room for more. Ironically enough, if you follow the logic presented in these surveys, future leaders are going to be the ones with a high enough risk tolerance to make the people, process, and technology investments required to win the race. Is your company a leader or a laggard? Would it risk competing on risk? Can it afford not to?

Patrick Kerans is vice president of marketing at Agiliance. His responsibilities include marketing communications, demand creation, analyst and press relations, product strategy, and product and channel marketing.

Prior to joining Agiliance, Kerans served as head of marketing for Counterpane Internet Security (now BT Counterpane) in the managed security services market. Kerans has held management positions at Lotus/IBM and executive marketing positions at Altaway, which he co-founded, in the mobile data space. Prior to that, he held managing consultant roles at A.T. Kearney/EDS and Arthur D. Little, Inc.

Kerans holds a Bachelor of Science degree in Engineering from the University of Massachusetts, Amherst. He can be reached at pkerans@agiliance.com.