InformationWeek
Business Innovation Powered By Technology
Powered by InformationWeek Business Technology Network
Topics:
Security
Security And (Or) Regulatory Compliance
David Mortman, who I last spoke with while he was CISO at Siebel Systems (prior to the Oracle acquisition) is a regular speaker on the infosec beat, and he knows something about grappling with compliance issues. Mortman has an excellent take on the issue, which he has posted on (former Gartner analyst) Rich Mogul's security blog, Securosis. He outlines the importance of what he labels the three elements to leveraging compliance for security. They are separation of duties, need to know, and change management. These are areas where compliance efforts can aid IT security. While attaining those attributes is challenging enough, perhaps, in my opinion, the organizational communication aspects of security and compliance are the hardest part. Here's Mortman's take on the importance of communication. Technology may enable -- or inhibit -- change, but it does not drive change. Consistent communications must exist, however, between functional areas (e.g., information technology) and lines of business (e.g., product engineering or consumer loans). Such communication facilitates incremental adjustments in technology deployment that must be recorded in system configuration documents, process updates, and business continuity plans. The continuous realignment of IT and business practice is comparable to the quality movements in manufacturing processes. Keeping incremental changes in technology deployments is hard enough, but can be (albeit not trivially) answered with change management databases and similar single sources of truth. The long-term difficulty is maintaining an organizational attitude of teamwork, where people aren't defending turfs, but working toward the betterment of the entire company. Mortman's post on Leveraging Compliance For Security can be found here. « Vista's Anytime Upgrade Is An Every-Time Hassle | Main | Exit One Format War, Enter Another » |
| Sign Up Now For InformationWeek News Alerts |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
