Compliance Points Way To Risk Management

Brian McKenna - Infosecurity Today Magazine

Recent and current pressures on IT security managers in publicly quoted companies to tick regulation boxes have about five more years to run. NetIQ security strategist Chris Pick believes that the discipline of risk management, taking companies beyond mere compliance, is "not there yet" as a driver of IT security spending, but that it will be soon.

The company's VP of security management product strategy was speaking around the recent launch of its 'Risk and Compliance Center' product, which offers a regulation-by-regulation view of security incident data. "It represents a single, not multiple, effort in terms of understanding security information flows, and gives executives visibility into their enterprises' security postures. And it automates your compliance efforts so that cost savings are possible from year to year", he said.

So far the product has three major enterprise customers: a Scottish bank, a Swiss financial services company, and a US grocery chain. Pick confirmed that in each case the Chief Information Security Officer drove and signed off purchase.

Pick said that while the company expects its immediate customers to come from compliance-challenged public and highly regulated companies, mid-market enterprises will adopt this kind of dashboard tool as the "science of risk management" matures beyond a reactive response to Sarbox, and Sarbox-like, legislation. "There have been cases of companies who have been compliant, but still got hacked", he pointed out.
