6 Steps for Ensuring Continuous Compliance in a Complex, Hybrid IT Environment

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
Next 6 Steps for Ensuring Continuous Compliance in a Complex, Hybrid IT Environment-4 Next

Enterprise Security Policy

Define the enterprise security policy.

CISOs must define a single network security policy baseline that is unified across all vendors and platforms, on-premise, hybrid and in the cloud. The security policy should be based on the following:

  • Compliance with industry-independent regulations and standards such as the National Institute of Standards (NIST) Cybersecurity Framework, EU Data Protection Directive, ISO27000 (also known as "ISO27K") Information Security Management System (ISMS) requirements, Sarbanes-Oxley Act (SOX), etc.
  • Compliance with industry-specific regulations such as Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP), etc.
  • Internal governance requirements (e.g., whitelists and blacklists).
  • General best practices that the company observes.

CISOs and their network security teams are under increasing pressure to adhere to an expanding "alphabet soup" of regulatory requirements that have a direct impact on the enterprise network. On top of that, every business has its own internal policies and best practice workflows to follow. One way to reduce the compliance enforcement and audit-readiness burden is to work toward the goal of continuous compliance — attaining a state where all compliance requirements are met, and then continuously maintaining that state.

Even with the many challenges of managing today's complex IT environment, it's possible to achieve continuous compliance through proper organization, thorough processes and technology automation. In this slideshow, Ellen Fischl Bodner, Tufin, has identified six steps that are critical to ensuring continuous compliance.


Related Topics : A Big Market for Big Data Jobs, Midmarket CIO, IT Management Automation, SharePoint, Technology Markets

More Slideshows

Compliance4-190x128 GRC Programs: Building the Business Case for Value

Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ...  More >>

IT_Man89-290x195 9 Tips for Running a 'Tween' Company

Advice and tips for entrepreneurs and companies that are no longer startups but not quite ready for an IPO, also known as "tweens." ...  More >>

IT_Man88-190x128 Top 5 Trends Affecting Women-Owned Micro Businesses

Learn more about the challenges and opportunities presented to women leaders, especially micro-business owners. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.