
The Global Compliance Environment

This Wednesday I'm delivering a keynote address at a CIPFA/ISACA Conference in Birmingham on Emerging Compliance Requirements. The subject of my talk is "The Global Compliance Environment", a subject that's already engraved on many security practitioners' hearts as international events, initiatives and interests generate wave after wave of new legislative and regulatory compliance requirements. Can we expect to see an end to the mounting compliance burden? Not in my view. In fact it's more likely that the demands will get broader, deeper and tougher, as governments, regulators and large organizations follow suit in adopting and imposing standards and best practices across countries, industry sectors and supply chains.

Few organisations have had sufficient foresight, time and resource to adopt a strategic approach to compliance. But quick fixes to ad hoc demands are the most expensive solutions. Organisations need to spend time designing smarter compliance systems, to reduce the time and effort required to identify requirements, assign responsibilities, train staff, gather data, conduct audits, assess findings and track remedial work. Keeping your head in the sand might delay the pain in the short term but the cost of compliance will catch up with everyone in the end.

Comments (2)

Duncan:

This touches on a comment I previously made regarding curing the 'here and now' pathologies of information security that most practitioners face.

I have difficulty in appreciating how information security (and on a broader basis even information management) will ever reach a strategic zenith when, IMHO, there is a shift to the commoditisation of the subject. Of course this is being driven by a much wider business agenda with a focus on bottom line profitability.

Maybe I'm not moving in the right circles or reading the right blogs/newsgroups but I see very few organisations who really believe in information security. Those that do are world leaders, but there are a whole load of laggards out there too.

Roger Howsley:

Dear David,
I couldn't agree more with you about the growing demands of compliance and the need for effective corporate governance for security. I'd be very interested to see your paper on the global compliance environment if available,
regards
Roger

About

This page contains a single entry from the blog posted on June 17, 2007 1:56 PM.
