Tactical Advice
IT Security Standards Should Migrate to Compliance Contexts — Quick Take
Many security standards remain unclear to some and are applied inconsistently.
posted Dec 23, 2011
Here’s the funny thing about standards: They’re made to centralize people, but people often end up more decentralized after trying to adhere to them.
Adam Montville, a security and compliance manager for TripWire, observed that even though IT security standards such as CobiT 4.1, PCI DSS 2.0, ISO 27001, and NIST 800-53 are the norm, many people interpret parts of them in different ways.
This is true even at the most fundamental level of vocabulary used in the aforementioned IT security standards. Montville shares his experiences with colleagues:
I set forth some examples to my colleagues and one of them made an astute observation, having just studied for the CRISC certification: “I noticed that what we call a ‘Framework’ doesn’t always line up with their [ISACA] definitions. For example, ISACA calls CobiT, ValIT, and RiskIT ‘Frameworks;’ (sic) while PCI DSS is a ‘Standard’.” This is astute because it belies the fact that our industry hasn’t stabilized our vocabulary in the industry around these efforts and because some compliance sources straddle the boundaries we might like to impose.
Read more about IT security compliance standards in Montville’s post on the TripWire blog.
For more great stories from around the web, visit our list of 50 Must-Read IT blogs.
Security
Apple’s iOS 7 Makes Small bu... |
The overhaul and redesign of Apple’s mobile operating system are worth cheering about,...
Why Law Firms Should Live an... |
Firms shouldn’t allow unfounded security concerns to deter them from all the cloud has to...
How 3 Companies Disaster-Pro... |
Despite the havoc following Sandy, these businesses continued services with hardly a...
Storage
3 Questions to Help SMBs Pla... |
Before planning a backup strategy, here are three questions that can help set the...
How 3 Companies Disaster-Pro... |
Despite the havoc following Sandy, these businesses continued services with hardly a...
EMC World 2013: Software-Def... |
Storage virtualization is a key element of providing on-demand, flexible cloud services.
Infrastructure Optimization
Has Open-Source Technology G... |
The days of “open-source” being a dirty word could soon be a distant memory.
West Coast Customs Outfits B... |
The Technoliner gives businesses a hands-on experience with the latest productivity tools...
Spring Cleaning: Refresh Tip... |
Three financial businesses offer advice on optimizing computing operations.
Networking
Cisco Live 2013: Collaborati... |
The way work gets done is set to evolve once machines and sensors jump into the mix.
At the Core of a Thriving Bu... |
Companies find the ability to easily connect with customers and employees essential to...
5 Ways to Fix Common Wi-Fi E... |
Get expert pointers on how optimize your 802.11 network.
Mobile & Wireless
Businesses Go Mobile on Mult... |
A real estate agency and logistics provider tap devices that make their workers more...
How to Choose MAM Software |
Mobile application management solutions are still evolving, so heed these tips when...
The Droid Lawyer Advises Att... |
The open nature of Google’s mobile operating system makes it easy for nefarious apps to...
Hardware & Software
The Do’s and Don’ts of Email... |
A perfectly crafted email signature can make a great digital impression.
Shopping 2.0: N.Y. Retailer... |
Kate Spade and eBay have teamed up to provide a unique shopping experience that brings...
Apple’s iOS 7 Makes Small bu... |
The overhaul and redesign of Apple’s mobile operating system are worth cheering about,...