Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity

    Security Compliance Is Good Business

    By
    Jim Rapoza
    -
    April 26, 2004
    Share
    Facebook
    Twitter
    Linkedin

      As cyber-security problems worsen, theres been an increase in the chatter in the security community calling for the government to step in and help stem the tide of viruses, worms and hackers. The common response from businesses, software vendors and industry groups has been that the government should stay out.

      As Ive said before, much of the blame for security problems goes to virus writers and hackers, as well as to the software companies that fail to write secure code. Ive also often stated my opposition to any form of government intervention in IT issues, so the argument that the government should keep its nose out of the security problem does resonate with me.

      However, when I look at how businesses and technology vendors have been “improving” security, I cant say I like what I see.

      I do like some of the educational and base-line security recommendations that industry groups have been publicizing, such as TechNets Corporate Information Security Evaluation for CEOs. But many companies are not only ignoring standards such as these but also following practices that actually undermine general security.

      /zimages/3/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Security and law enforcement professionals often lament about companies that suffer severe security breaches but keep quiet about them. Yet now many e-businesses are being proactive in their security ignorance, writing disclaimers into site-use policies that absolve them of any blame if a hacker breaks into the site and steals personal data (even if site administrators knew beforehand that there was a security problem).

      Is this how businesses are planning to improve security without the intervention of government?

      Last November, I wrote about a draft bill from U.S. Rep. Adam Putnam, R-Fla., that would have mandated minimum standards of accepted corporate security for publicly traded companies. Putnam never introduced this bill in Congress, which many construed as Putnam folding under industry pressure.

      But Putnam didnt simply pull the bill. Instead, he formed a working group comprising security experts and industry representatives and asked the group to come up with steps that corporations can take to improve IT security.

      The group, called the Corporate Information Security Working Group, recently released a preliminary report on its recommendations. I dont agree with all the recommendations, but I do think the report is an important step toward improving IT security awareness.

      I do like the groups recommendations for trusted third-party security certification groups, as well as its recommendation for increased insurance protections for companies that take security precautions. This rewards companies that do the right thing and makes it more difficult for those that say, “Were not responsible even if we were negligent.”

      Right about now you might be asking yourself, “These recommendations sound fine, but what about a real law?”

      Well, its become increasingly clear that a new law isnt really necessary. It turns out that most of the current generation of corporate regulations already force companies to meet security requirements.

      As with HIPAA and health care organizations, public companies are now finding out that a big requirement for staying in compliance with Sarbanes-Oxley is improving security infrastructures—poor security could easily lead to a violation of the regulations. And the many companies that deal with the federal government are finding that they need to meet base-line security levels to continue doing business with the government.

      Hopefully, companies will listen to industry and government recommendations and realize that meeting basic security requirements is not just a cost of doing business but is also good business.

      Labs Director Jim Rapoza can be reached at [email protected].

      /zimages/3/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.
      Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

      Jim Rapoza
      Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×