
RSA Europe: Compliance is a by-product of a well-managed system


Efficient compliance can be achieved by having a well-managed security system.

Speaking at the RSA Europe Conference in London, Art Coviello, president of RSA, The Security Division of EMC and executive vice president of EMC, claimed that there is a need to embrace risk-based compliance and focus on the most complex analysis and risk.

He said: “Have a holistic view of your environment, set adequate controls and streamline and automate complex processes.”

He pointed to a recent report that offers recommendations 'to help organisations align their programs to the heightened demands of the new compliance landscape'. The report sets out seven recommended strategies:

1. Embrace risk-based compliance: Build an effective enterprise program that provides everyone in the chain - from individual business process owners to the board of directors - with all of the multi-faceted information needed to make risk decisions.

2. Establish an enterprise controls framework: Create a consistent set of controls across your enterprise that is mapped to regulatory requirements and business needs.

3. Set/adjust your threshold for controls: Determine the 'right' level of security controls and gauge the prevailing industry standard to meet the legal requirement for 'reasonable and appropriate' security measures.

4. Streamline and automate compliance processes: Establish an enterprise governance, risk and compliance (eGRC) strategy that consolidates all of the information necessary from across the organisation to manage risk and compliance and provide visibility into controls.

5. Fortify third-party risk management: Move away from 'boilerplate' security agreements and towards comprehensive third-party strategies that focus on: diversification, due diligence, rigorous contractual requirements, consequence management and governance.

6. Unify the compliance and business agendas: 'Operationalise' compliance and develop the organisational structure required to fully embed compliance into the business and align it with the organisation's highest-priority goals.

7. Educate and influence regulators and standards bodies: Educate legislators and constructively affect regulation to avoid overly prescriptive rules that will cripple business.

“The security industry does not have a system that integrates people, process and individual security controls that can be managed with the same kind of correlated, contextual and comprehensive view used by the aviation industry to guarantee the safety of our airways. Information security management needs to function as a system capable of effectively and efficiently managing our information infrastructures, providing visibility, manageability and control across all three domains – physical, virtual and cloud. We need a system that enables us to close the gaps of protection and apply controls in a more holistic, systemic manner, centralising management not just for some vendor controls, but for all,” said Coviello.

Tom Heiser, chief operating officer at RSA, also likened security systems to air traffic control and said that there is no system to process people such as there is with planes. He said: “A system is composed of critical components and IT teams are stranded with managing policy and often, clustered with different tools saying what is good and what is bad.

“In the end the goal is to simplify management and enhance alignment between the security team responsible for defining security policy and the operations team charged with implementing that policy. By integrating these technologies, systems and feeds, we enable a holistic approach to risk management and compliance; a single view to the most important security and compliance elements across the entire IT environment. In effect, we've built our version of air traffic control for the traditional information infrastructure.”
