Most organizations today are being driven to provide some form of information security compliance, be it regulatory, partner, internal audit, or from consumers demanding stronger programs to protect their personal information. Regulatory drivers such as Sarbanes-Oxley, HIPAA, GLBA, FERC, SEC regulations, and EU Data Protection are the most common, but others have added to the frustration of compliance within an organization. Some of the lesser known, but just as powerful, regulations include California SB1386, dealing with disclosure requirements, and AB1950, dealing with privacy statements on websites and how consumer data is protected. Many other states have started to adopt similar requirements for businesses, proving that no one is exempt from regulatory compliance.
Partner compliance is being driven by requirements such as those found in VISA CISP, which applies to VISA merchants and credit card processing organizations. These aim to push various levels of information security programs, covering administrative processes, audit functions, and technical controls, down to these downstream organizations. Many other partner organizations will demand more security downstream to limit the liability they face from poor partner security programs.
Consumers are adding to the demand for mature security programs at the companies they do business with. Many consumers are weighing the risks of doing business on-line versus the benefits they receive. Identity theft has grown at such an alarming rate that it threatens the future of on-line businesses, which in turn will increase expenses for businesses that rely heavily on "people-less" transactions.
In the past, organizations were able to react to security threats by simply applying a firewall or a similar technology control. The threats were fairly simple compared with today's, and the solutions were viewed as just as simple. But times have changed, and solving the security equation is no longer purely technical in nature. Organizations are being asked to build comprehensive security programs that take into account the needs of the business as they relate to compliance, policy, audit, technical controls, and management of the security environment. This switch from an IT-focused process to a business-focused process has caused a great deal of growing pains for organizations, and most are struggling to find a complete solution.
At Hispskind TSG we help companies build and manage compliance-ready environments that are flexible and resilient to change. These environments offer the greatest protection against ever-changing information security requirements, built on industry-accepted frameworks and standards that are tailored to each client environment. Our proven BAM! Methodology is founded on a straightforward process of Build, Apply, and Manage. We apply a simple methodology to the very complex challenge of security compliance. Our combination of helping clients build their programs, applying technical controls, and managing the ongoing process allows us to be the first decision in information security.
BAM! Methodology