Legislation, Regulation Not All Bad, Says Shorten

Lora Bentley

Legislation and regulations are good drivers for risk management best practices, according to Brian Shorten, a security and risk manager for Cancer Research UK. In a ComputerWeekly.com piece, he describes his effort in a prior position at a publicly traded company to improve access processes and policies by creating

an automated process whereby a leaver's notification would be matched against a user name on the database and the relevant administrator advised by e-mail that one of the users on his application may be leaving.

Though almost everyone agreed that the idea was a good one and should be simple to implement, he said, none of the administrators would take the time to add their user lists to the database. No one was paying for that time, after all. So the project "floundered" for a while.
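The matching step Shorten describes, written out as an added example; this is not code from the ComputerWeekly piece or from any system at his employers. The HR feed, the per-application user lists, the field names (employee_id, email, username, admin) and the helper names are all assumptions, and the data is constructed. The example also covers the failure mode in the paragraph above: an application whose administrator never registered a user list is reported as unchecked rather than silently passing.

```python
"""Matching HR leaver notifications against per-application user lists.

Added illustration of the process described in the post; not Shorten's
or Cancer Research UK's code.  All data below is constructed, and the
field names (employee_id, email, username, admin) are assumptions.
"""
from collections import defaultdict
from datetime import date

# Constructed HR leaver feed.
LEAVERS = [
    {"employee_id": "E1001", "email": "alice.smith@example.org", "leave_date": date(2008, 1, 31)},
    {"employee_id": "E1002", "email": "bob.jones@example.org", "leave_date": date(2008, 2, 15)},
    {"employee_id": "E1003", "email": "carol.white@example.org", "leave_date": date(2008, 1, 25)},
]

# Constructed per-application user lists, as registered by each administrator.
# Real application exports rarely carry an employee ID, so e-mail is kept too.
APPLICATIONS = {
    "finance-ledger": {
        "admin": "ledger-admin@example.org",
        "users": [
            {"username": "asmith", "email": "alice.smith@example.org", "employee_id": "E1001"},
            {"username": "dgreen", "email": "dave.green@example.org", "employee_id": "E1004"},
        ],
    },
    "crm": {
        "admin": "crm-admin@example.org",
        "users": [
            {"username": "Bob.Jones", "email": "BOB.JONES@example.org", "employee_id": None},
            {"username": "cwhite", "email": "carol.white@example.org", "employee_id": None},
        ],
    },
    # Administrator never supplied a user list: the stall the post describes.
    "payroll": {"admin": "payroll-admin@example.org", "users": []},
}


def _norm(value):
    """Case- and whitespace-insensitive key for e-mail comparison."""
    return value.strip().casefold() if value else ""


def match_leavers(leavers, applications):
    """Match leavers to application accounts.

    Returns (notifications, unchecked):
      notifications: admin e-mail -> list of (app, username, employee_id, leave_date)
      unchecked:     app -> admin e-mail, for applications with no user list,
                     which the process otherwise could not cover at all.
    """
    by_id = {l["employee_id"]: l for l in leavers}
    by_email = {_norm(l["email"]): l for l in leavers}
    notifications = defaultdict(list)
    unchecked = {}
    for app, info in sorted(applications.items()):
        if not info["users"]:
            unchecked[app] = info["admin"]
            continue
        for user in info["users"]:
            # Prefer the stable HR identifier; fall back to normalised e-mail.
            leaver = by_id.get(user.get("employee_id")) or by_email.get(_norm(user.get("email")))
            if leaver is not None:
                notifications[info["admin"]].append(
                    (app, user["username"], leaver["employee_id"], leaver["leave_date"])
                )
    return dict(notifications), unchecked


def render_notices(notifications, unchecked):
    """Build one plain-text e-mail body per administrator."""
    bodies = defaultdict(list)
    for admin, hits in notifications.items():
        for app, username, emp_id, when in hits:
            bodies[admin].append(
                f"{app}: account '{username}' belongs to {emp_id}, leaving {when.isoformat()}; "
                "please disable it or confirm it is a shared account."
            )
    for app, admin in unchecked.items():
        bodies[admin].append(
            f"{app}: no user list registered, so leavers cannot be checked against it; "
            "please upload the current user list."
        )
    return {admin: "\n".join(lines) for admin, lines in bodies.items()}


if __name__ == "__main__":
    found, missing = match_leavers(LEAVERS, APPLICATIONS)
    for admin, body in render_notices(found, missing).items():
        print(f"To: {admin}\n{body}\n")
```

Two design points worth noting: matching falls back from employee ID to a normalised e-mail address because application exports often carry only a login name and address, and an application with an empty user list is reported to its administrator instead of being skipped, since a leaver check that quietly omits a system gives a false sense of coverage.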


Then came Sarbanes-Oxley, and along with it the real and perceived costs of non-compliance. Suddenly, Shorten said, everyone was happy to participate.


Sarbanes-Oxley doesn't apply to his current position, but since his employer receives donations via debit and credit cards, the Payment Card Industry Data Security Standard (PCI DSS) does apply. It has served much the same purpose as Sarbanes-Oxley did: Shorten says it, too, is a great motivator for implementing best practices in data security.

Jan 18, 2008 9:35 AM Rajeev says:
Compliance is the risk reduction for customers and other stakeholders of the business, may also yield some profitable insights and consequent BPE. http://tekno-world.blogspot.com
