Adoption of such a framework simplifies communication, validates the controls with auditors and regulators, and reduces the effort required (and, therefore, the cost to the organization).
Automate to reduce costs – In its recent survey, SecurityCompliance.com found that two-thirds of firms are attempting to automate audit procedures and IT security controls to help reduce labor costs and allow IT to focus on more productive endeavors. (The same survey found that one-quarter of firms continue to rely on manual methods.)
Apply best practices – Research conducted by SecurityCompliance.com has helped to identify best practices in IT compliance. The following actions have been shown to improve results for IT security and regulatory compliance:
1. Conduct internal regulatory and IT security audits at least monthly.
2. Spend at least 25% of IT staff time on regulatory compliance.
3. Allocate more than 10% of the IT budget to IT security.
4. Establish clear objectives and measure results at regular intervals.
5. Automate compliance and IT security controls and procedures with IT technology tools.
Establishing and sustaining IT compliance is a journey, not a destination. Today's enterprises need to evolve their compliance efforts from ad hoc projects to cost-effective and efficient processes that can be applied across various compliance initiatives involving the security and availability of information.
By James Hurley, executive vice president of research for the Security Compliance Council, www.securitycompliance.com, and a senior director of research at Symantec Corp., www.symantec.com. Hurley previously served as the vice president of the risk, security, and compliance practice at the Aberdeen Group.