
Regulations Reaching Your Memory Stick

Ari Tamman, VP at Promisec, sent me a draft of his article "Regulatory Compliance for Endpoints."  I’ll publish and comment on sections of it here on SecurityDreamer over the coming days.

Ari writes:

Compliance with various government regulatory acts such as Sarbanes-Oxley, HIPAA, Basel II, etc. has now become a legal requirement in many countries and is here to stay. As such, companies have been spending more and more of their time and budgets to meet these requirements and maintain their integrity and reputation.

[SH: obvious, but accurate, Ari.]

Failure to do so has already resulted in fines being levied on the executives of some companies; these may be accompanied by severe prison terms of up to 20 years. The powers of regulatory bodies are close to those of Inland Revenue agencies. In the UK, for example, the financial services regulator can use force to enter premises, but only a few businesses know this.

[SH: Yikes!]

The regulations predominantly focus on the accuracy and integrity of financial statements and the secure storage of sensitive customer and business data. Further private legislation is also being introduced by individual countries and individual states in the US, with California being at the forefront. The number of new regulations passed as law by these entities does not just affect companies that are located there but also companies that trade with citizens or companies that are within their jurisdiction.

Regulatory compliance is here to stay and has an influential impact on the entire IT infrastructure, including the endpoints therein. In fact, a recent Computer Crime and Security survey by the Computer Security Institute (CSI) found that 50% of companies have increased their level of interest in Information Security because of Acts like Sarbanes-Oxley.

[SH: I didn’t know that the FSA had jurisdiction like a federal investigator. Interesting! So far, Ari is laying out a familiar situation without too much hyperbole. Although everyone loses points for quoting the CSI surveys. I dunno… Is it just me? Or is the CSI/FBI survey just hard to take seriously? Occasionally I get invited to be a respondent for the annual survey, making it obvious how poorly qualified respondents are. 🙂 Crap in, crap out, as they say. But let’s get back to Ari’s argument in a day or so…]
