
RSA Europe: Compliance is a by-product of a well-managed system


Efficient compliance can be achieved by having a well-managed security system.

Speaking at the RSA Europe Conference in London, Art Coviello, president of RSA, The Security Division of EMC and executive vice president of EMC, claimed that there is a need to embrace risk-based compliance and focus on the most complex analysis and risk.

He said: “Have a holistic view of your environment, set adequate controls and streamline and automate complex processes.”

He pointed to a recent report that offers recommendations 'to help organisations align their programs to the heightened demands of the new compliance landscape'. The report set out seven recommended strategies:

1. Embrace risk-based compliance: Build an effective enterprise program that provides everyone in the chain - from individual business process owners to the board of directors - with all of the multi-faceted information needed to make risk decisions.

2. Establish an enterprise controls framework: Create a consistent set of controls across your enterprise that is mapped to regulatory requirements and business needs.

3. Set/adjust your threshold for controls: Determine the 'right' level of security controls and gauge the prevailing industry standard to meet the legal requirement for 'reasonable and appropriate' security measures.

4. Streamline and automate compliance processes: Establish an enterprise governance, risk and compliance (eGRC) strategy that consolidates all of the information necessary from across the organisation to manage risk and compliance and provide visibility into controls.

5. Fortify third-party risk management: Move away from 'boilerplate' security agreements and towards comprehensive third-party strategies that focus on: diversification, due diligence, rigorous contractual requirements, consequence management and governance.

6. Unify the compliance and business agendas: 'Operationalise' compliance and develop the organisational structure required to fully embed compliance into the business and align it with the organisation's highest-priority goals.

7. Educate and influence regulators and standards bodies: Educate legislators and constructively affect regulation to avoid overly prescriptive rules that will cripple business.

“The security industry does not have a system that integrates people, process and individual security controls that can be managed with the same kind of correlated, contextual and comprehensive view used by the aviation industry to guarantee the safety of our airways. Information security management needs to function as a system capable of effectively and efficiently managing our information infrastructures, providing visibility, manageability and control across all three domains – physical, virtual and cloud. We need a system that enables us to close the gaps of protection and apply controls in a more holistic, systemic manner, centralising management not just for some vendor controls, but for all,” said Coviello.

Tom Heiser, chief operating officer at RSA, also likened security systems to air traffic control and said that there is no system to process people such as there is with planes. He said: “A system is composed of critical components and IT teams are stranded with managing policy and often, clustered with different tools saying what is good and what is bad.

“In the end the goal is to simplify management and enhance alignment between the security team responsible for defining security policy and the operations team charged with implementing that policy. By integrating these technologies, systems and feeds, we enable a holistic approach to risk management and compliance; a single view to the most important security and compliance elements across the entire IT environment. In effect, we've built our version of air traffic control for the traditional information infrastructure.”
