You get the call from the boss you have been dreading for weeks. “Jimmy, it’s time to add FISMA to our control set, and we need to be compliant in three weeks. GO!”
Great, another compliance initiative to work into the alphabet soup of control frameworks that haunts security professionals. More standards mean more work to make sure that the standard control set you use in your organization covers any new requirements you face. Compliance and security frameworks often overlap, and usually only a small number of their requirements are unique to the industry or the data type being protected.
I recently had a great conversation with Dorian Cougias from UCF and he turned me on to one of his projects, the Common Controls Hub. I’ve been aware of the great work that Dorian and his team have been doing over the last decade, but the Common Controls Hub was a new one for me. I’ve been heads down on security outside of compliance (or fielding PCI DSS questions, representing just one initiative), so when I got to see this thing in action, I was pleasantly surprised. It’s what I think many of us have been waiting for….
Does the term regulatory compliance make your stomach churn? If so, you certainly aren’t alone. In the recent CSO article ‘Compliance fatigue’ sets in, author Taylor Armerding writes, “many organizations feel like they are drowning in such a sea of regulations that constant compliance with them all doesn’t give them much time to run their usual business.”
Because many regulations pertain to information systems, it’s all but impossible for IT to escape involvement in implementing and maintaining controls and participating in audits that verify the veracity of those controls. In fact, technologists and corporate lawyers can find themselves working closely to interpret a regulatory mandate and ensure the chosen IT control (for example, system logging) is sufficient to meet the mandate.
Depending on the size, industry and nature of a business, a company may need to comply with just a handful of mandates, or possibly with dozens. Multinational corporations also have to….
Need to comply with different regulations, standards and guidelines? The process can be painful and expensive when stakeholders work in silos and duplicate efforts. To remedy this, Software AG has integrated the Unified Compliance Framework (UCF) with its market-leading ARIS Governance, Risk and Compliance (GRC) Management Platform. Learn how this integration helps you streamline work, simplify regulations requirements, provide internal and external transparency, and better manage and mitigate risks.
With Craig Isaacs, CEO of Unified Compliance, and Michiel Jorna, Director, Global BPA & GRC Solutions, Software AG
With Dorian Cougias, Compliance Scientist and co-founder of Unified Compliance, Yo Delmar, Vice President, GRC Solutions at MetricStream, and Joseph Devita, Partner at PricewaterhouseCoopers LLP.
Join this webinar to learn:
With Craig Isaacs, CEO, Network Frontiers and Vinaya Sathyanarayana, IT GRC Product Manager, MetricStream.
Approaches and methods to creating audit questions
A Dorian Cougias Learning Module