Your first reaction after reading this overview piece at ComputerWeekly.com on the raft of compliance schemes now facing business might be to throw your hands up in helpless frustration.
Aside from spending big bucks on some of the enterprise-class compliance suites touched on in the article -- and for those of you at large enterprises, get your checkbooks ready -- how are you supposed to stay on top of PCI, Sarbox, the UK Data Protection Act 1998, ad nauseam?
The common-sense advice here is to start by getting your general security posture in line by adopting the International Standards Organisation's ISO 17799. Not that 17799 is the end game in compliance; sources quoted in the ComputerWeekly piece note that PCI is so granular to credit card processing that it simply must be tackled as a stand-alone concern.
But an ISO 17799 audit will at least let you get your hands around what you may be doing wrong, and stand as the starting point for more finely tuned system and process enhancements. And the entry points to this process don't have to cost a lot of money.
Just so you don't start feeling too comfortable -- ComputerWeekly.com points to auto-lockdown systems employed by the Pentagon as examples of where serious compliance solutions may be headed.