Security Think Tank: How businesses can achieve compliance and security

What can businesses do to make regulatory compliance a priority without losing focus on security basics?

What is regulatory compliance? According to Wikipedia, “Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations”.

Such laws and regulations are typified in the UK by the likes of the Data Protection Act, Regulations of Investigatory Powers Act, the LSE’s Combined Code and PCI-DSS.

One common feature of the examples I have chosen is that without the maintenance of good (information) security basics, you cannot hope to achieve an acceptable level of regulatory governance.

In other words, implementation and maintenance of good (information) security basics is a necessary part of achieving regulatory compliance.

Peter Wenham is a committee member of the BCS Security Forum strategic panel and director of information assurance consultancy Trusted Management.

Security Think Tank: How businesses can achieve compliance and security

Part 1. Adrian Davis, Information Security Forum (ISF)

Part 2. John Colley, (ISC)2


This was last published in April 2012

Read more on Privacy and data protection

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.