11.15.06 Legal Drivers, Cost Implications For Information Security
By Dan Morrill
Do the new laws really help information security and raise the general overall level of security, or are they just things to follow along with when being audited?
Most of us are familiar with Due Diligence and Due Care: companies do the best they can with what they have, depending on their size and the data they need to protect. While many of the laws are customer-centric, have they really made an impact on the information security business as a whole?
That starts the great debate on the value of laws like SOX, HIPAA, and GLB, as well as the adoption of ISO standards like 17799 and 27001. The thought is that corporations have had to invest in their information security programs, and have done so, in light of the very public personnel data losses over the last 2 years. While best practices and international standards give good ideas, they are not a one-size-fits-all answer, even though being compliant with those standards is also a hot ticket to have. Companies will use the standard as a baseline of the things they need to be doing, then modify and adjust that baseline to meet their own particular business models. Most information security, like most business, depends on the kinds of data a company generates and the amount of data it generates.
Most companies do have things in common, and that is where standards like ISO 17799 and 27001 come in handy: they give an excellent baseline for the items that companies do have in common. Laws like SOX, HIPAA, HB 1386 and others then take a more localized view of the company: SOX applies to best accounting and data management standards, HIPAA works only with health care, and HB 1386 works only in California and for businesses doing business in California. The average mom-and-pop gas station or supermarket will be barely impacted by these rules, while credit card processors, hospitals, and most major USA-based businesses will have to work with SOX.
The investments needed to meet these standards or legal requirements have shoved a lot of money into information security. The round table survey of 2004 indicated that the average company of fewer than five billion dollars (which is probably the majority of companies in the USA) would need to spend an additional 6,285 audit hours, or just over 3 additional people, just to manage the audit for SOX. It also indicated that a company will have to spend an additional 1.9 million dollars per year to maintain compliance with SOX. That money is indirectly being pumped into information security and auditing systems. HIPAA is much the same, as are all the other rules and laws. The economic impact is there for people to pay attention to, and the incentives are there for companies to spend money on information security.
About the Author: Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.