Post by SecurityPlus on Sept 23, 2015 14:43:59 GMT
9. Avoid the Compliance Trap
After what some regard as the “cash cow” of Sarbanes-Oxley (http://fl1.findlaw.com/news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf), many information security consultants and product vendors would have you believe the sky is falling (Chicken Little Syndrome) and that new regulations like the PCI-DSS (https://www.pcisecuritystandards.org/tech/) are key to, and the future of, information security. Companies should understand which regulations actually apply to them and what the real implications of those regulations are. Companies with comprehensive and effective information security programs will likely meet many, if not all, of the requirements of most regulations today and those that may be lurking around the corner tomorrow. Companies should not fall into the compliance trap and should develop and maintain long-term corporate information security programs. Most compliance issues are around establishing best practice, and there shouldn’t be too many variations on that.
-----------------------------
This is the main content. Please refer to the original contents.
Please comment regarding modifications of the subject, this content, and
additional content.
1. Category needs to be deleted.
2. Revise Content: If the contents need to be revised, please kindly
inform us of your opinion in detail.
3. New Proposals