Going Beyond Checkbox Compliance: How to Make Compliance Improve Your Security

In today’s highly regulated environment, many organizations address compliance as one-off projects where the goal is to ‘get the box checked’ by the auditor. This inefficient approach results in time- and resource-intensive work to pour through as many as 40,000 spreadsheets just for one compliance initiative* that provides little value back to the organization. This multiplies exponentially when dealing with multiple regulations.

Achieving a level of compliance may be a requirement for your organization, but by itself is not a guarantee that your systems and sensitive data will be secure. Going beyond a checkbox compliance approach will ensure audits are passed and regulatory requirements are met, while streamlining operations, reducing IT risk and ultimately improving overall security.

In this roundtable discussion with Brandon Dunlap of BrightFly, Jeff Hughes of Lumension and Marcus Giese of RightNow Technologies, learn the keys to taking a risk-based approach and how to:

• Leverage compliance initiatives as a catalyst to improving security
• Identify areas of control weakness
• Prioritize IT risk to focus on what matters most
• Rapidly respond to those weaknesses
• Improve processes and augment controls

* Corporate Integrity, LLC, Foundations of GRC: Streamlining Compliance, May 2009