Regulations Reaching Your Memory Stick
Ari Tamman, VP at Promisec, sent me a draft of his article "Regulatory Compliance for Endpoints." I’ll publish and comment on sections of it here on SecurityDreamer over the coming days.
with various government regulatory acts such as Sarbanes-Oxley, HIPAA, BASEL II etc. has now become a legal requirement in many countries and is here to stay. As such, companies have been spending more and more of their time and budgets to meet these requirements and maintain their integrity and reputation.
obvious, but accurate, Ari.]
to do so has already resulted in fines being levied on the executives of some companies; these may be accompanied by severe prison terms of up to 20 years. The powers of regulatory bodies are close to that of Inland Revenue agencies. In the UK, for example, the financial services regulator can use force to enter premises, but only a few businesses know this.
regulations predominantly focus on the accuracy and integrity of financial statements and the secure storage of sensitive customer and business data. Further private legislation is also being introduced by individual countries and individual states in the US, with California being at the forefront. The number of new regulations passed as law by these entities does not just affect companies that are located there but also companies that trade with citizens or companies that are within their jurisdiction.
Regulatory compliance is here to stay and has an influential impact on the entire IT infrastructure, including the endpoints therein. In fact, a recent Computer Crime and Security survey by the Computer Security Institute (CSI) found that 50% of companies have increased their level of interest in Information Security because of Acts like Sarbanes-Oxley.
[SH: I didn’t know that FSA had jurisdiction like a federal investigator. Interesting! So far, Ari is laying out a familiar situation without too much hyperbole. Although everyone loses points for quoting the CSI surveys. I dunno… Is it just me? Or is the CSI/FBI survey just hard to take seriously? Occasionally I get invited to be a respondent for the annual survey – making it obvious how poorly qualified respondents are. 🙂 Crap in, crap out, as they say. But let’s get back to Ari’s argument in a day