
Making Compliance Part of the "IT DNA"

By Tom Schmidt

For today's enterprises, meeting the requirements of a variety of technical standards, IT governance frameworks, and laws related to security and administration has become a significant challenge. And as numerous industry experts have observed, the pressure to demonstrate compliance with such mandates will likely increase in 2007.

Today's compliance market is similar to the security market of the mid-1990s. Security used to be an afterthought. Companies built their networks and their IT infrastructure without much thought for security. Once threats and vulnerabilities began to rise in the late '90s, the need for security was better understood. So security got bolted on, and today security is very much ingrained in the IT fabric. Compliance is evolving the same way. In most cases, IT infrastructure, processes, and operations weren't built with compliance in mind. But with an increasingly demanding regulatory environment, companies have had to adapt very quickly. So today compliance is bolted on, but in the near future policy compliance will become part of the IT DNA.

A "top of mind" issue
Compliance is now a "top of mind" issue for enterprise customers, who are eager to reduce the cost and complexity associated with regulatory compliance through automation.

Software can be used to automate repetitive manual processes. More software equals fewer people, which in turn equals lower costs.

That equation appears to be underscored by the latest (2006) Ernst & Young Global Information Security Survey, which found:

  • The impact of compliance continues to grow.
  • Compliance is promoting teaming between information and other functional business groups.
  • Compliance is improving information security.

The IT Policy Compliance Group's benchmark report (February 2006) examined differences between leaders and so-called "laggards" in achieving compliance. According to the report, the three major drivers of performance results in achieving IT compliance are:

  • Frequency of internal audit and IT security monitoring: Leaders audit for compliance on a continuous basis, at least once a month.
  • Time allocated by IT to compliance: Leaders are spending 50% more time on compliance than laggards.
  • Spending on IT security: Leaders spend 10% of the IT budget on IT security, while laggards spend less than 7% on IT security.

Conclusion
With high-profile data breaches and regulatory pressures showing no signs of diminishing, enterprises have a vital role to play in educating employees about the importance of good IT compliance and governance. For these organizations, policy compliance can truly become part of the IT DNA.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.

CIO Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

Entire contents ©2008 InfoEdge. All Rights Reserved.