The InformationWeek -- Blogs
Security


A Time For Assessment


Posted by Mitch Irsfeld, Oct 4, 2005 11:28 AM

Having that queasy feeling in your stomach about the prospect of upcoming compliance audits? If so, good for you; it shows a healthy respect for the challenge ahead. But why not take advantage of some of the tools out there to get a snapshot of your audit readiness? What could it hurt, right? It might help to ease that acid stomach, and it just might turn up a potential problem or two that no one thought of. Either way, you win, and some of these tools are free.

Two compliance vendors last week brought out readiness evaluation tools and services. GlassHouse Technologies was up first with its Compliance Readiness Solution, a package of evaluation services for CIOs that assess compliance readiness and identify and close potential gaps in companies' data handling procedures.


GlassHouse captures organizational requirements from corporate risk management, legal and audit groups and assesses an IT environment against those requirements.

The GlassHouse service isn't free, but BindView's new audit readiness assessment tool is. The BindView Compliance Assessment Tool is a free download that includes a set of survey questions, measurement criteria and associated controls. We'll have to see if the service remains free following BindView's announced acquisition by Symantec.

And for $99 per regulation, Network Frontiers is offering a database of audit questions spanning 60 different regulations and standards.

The Good, The Bad And The Indifferent

How about some self-assessments? Here's an off-the-cuff reading on the effectiveness of Sarbanes-Oxley. Our most recent reader poll asked readers to review the impact of SOX now that audit time nears for the second time. I'll start with the good news: A third of the respondents indicated that the controls put in place to manage SOX compliance not only proved effective but returned a net gain by improving business process and exposing information that could have remained hidden without the new due diligence.

Slightly fewer, 30 percent of the respondents, said SOX efforts were a net loss, costing too much for the benefit derived from the new systems that have been implemented.

And slightly more, 36 percent, said the entire SOX compliance effort has been a wash, meaning any of the benefit derived from new systems, processes and resources devoted to SOX compliance is offset by the cost of implementation and administration.

In case you're wondering, when we asked these questions last year, 47 percent of the respondents said it was too early to tell. We didn't provide that option this time, because I refuse to accept it. Last fall, 26 percent of respondents indicated a net gain from their compliance management practices; only 17 percent said it was a net loss and 10 percent called it a wash.

Unfortunately, most of those who weren't ready to commit last time around have become net losers and fence riders. But still, 69 percent of the current sample is finding at least break-even benefit from its efforts.
