Don’t assume compliance equals security

By Victor Ng | Feb 4, 2010

IT security breaches in recent years have highlighted the fact that compliance with certain legislation and regulations does not necessarily equate to being secure.

So says Datacraft’s general manager for security solutions, Matthew Gyde. “The scale of electronic crime in the area of wireless networks and the Internet is expanding geometrically. An American retailer lost 45 million credit card details as a result of electronic crime. The hacker was charged with two further hacking offences, bringing to over 130 million the total number of card details stolen. One of the victims – a payment card processing company – passed a PCI-DSS audit the month before card details were stolen from its systems.”

Today, cybercrime is big business, and incidents like these underscore the findings in research that Datacraft commissioned IDC to carry out in 2009, which shows a prevalent attitude among organizations: most begrudge investment in compliance and will do the absolute minimum required by law or industry regulatory bodies.

They also believe that being compliant is being secure.

“In fact, compliance is very narrowly focused, whereas good security encompasses compliance – and extends beyond it, ensuring that organizations are best placed to deal with both known and unknown threats,” Gyde explains.

The primary research into IT security – carried out by IDC covering 407 companies in 18 countries in Asia Pacific, Western Europe, the Americas, and the Middle East and Africa – reveals that large organizations (1,000+ employees) are more compliant than midsized organizations (500–1,000 employees).

Eric Domage, IDC EMEA program manager for European security products and strategies, found that very large organizations throughout the world, organizations in the Americas, and the public sector are more concerned about security regulations than organizations of other sizes, in other regions, or in other market sectors.

The research also shows that the regulations which most concern organizations are those related to general privacy (often local in origin), followed by healthcare privacy laws, because of their specific requirements for personal confidentiality and for the protection of Personally Identifiable Information (PII).

Gyde concurs: “This leaves an enormous range and number of organizations that simply aren’t doing enough to be compliant or secure. What they don’t realize is that being compliant is not simply a matter of preventing theft of organizational and customer data. Indeed, it has a direct impact on an organization’s reputation.”
