Tactical Advice

IT Security Standards Should Migrate to Compliance Contexts — Quick Take

Many security standards remain unclear to some and are applied inconsistently.
IT Security Standards Should Migrate to Compliance Contexts — Quick Take

Here’s the funny thing about standards: They’re made to centralize people, but people often end up more decentralized after trying to adhere to them.

Adam Montville, a security and compliance manager for TripWire, observed that even though IT security standards such as CobiT 4.1, PCI DSS 2.0, ISO 27001, and NIST 800-53 are the norm, many people interpret parts of them in different ways.

This is true even at the most fundamental level of vocabulary used in the aforementioned IT security standards. Montville shares his experiences with colleagues:

I set forth some examples to my colleagues and one of them made an astute observation, having just studied for the CRISC certification: “I noticed that what we call a ‘Framework’ doesn’t always line up with their [ISACA] definitions. For example, ISACA calls CobiT, ValIT, and RiskIT ‘Frameworks;’ (sic) while PCI DSS is a ‘Standard’.” This is astute because it belies the fact that our industry hasn’t stabilized our vocabulary in the industry around these efforts and because some compliance sources straddle the boundaries we might like to impose.

Read more about IT security compliance standards in Montville’s post on the TripWire blog.

For more great stories from around the web, visit our list of 50 Must-Read IT blogs.

Sign up for our e-newsletter

Security

Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.