When we first opened for business, we had 15 employees. Today, we have more than 3,500 full-time staff members. Business decisions then were far simpler than they are today. Even the way we conduct business has changed as dramatically, and as quickly, as technology has over the past 10 years.
We didn’t have to worry about viruses, Trojans, malware, or attackers breaking into our network. What keeps me up at night now….
How do we keep our data safe?
Where do we begin?
Where do we go for the information?
And, most importantly: what do we do now?
Sound all too familiar? Information security is often treated as an amorphous issue that only the IT department has to deal with. The reality is that information security compliance is a concern for the whole company, from the boardroom down. Laws, regulations, and industry standards are now in place (e.g., HIPAA, the Sarbanes-Oxley Act, the Federal Information Security Management Act of 2002 (FISMA), the Gramm-Leach-Bliley Act (GLBA), and the Payment Card Industry Data Security Standard (PCI DSS)) that can help a company improve its information security, while non-compliance can result in severe penalties and/or fines. It can be difficult for a company to work out which of these apply to it, because each set of requirements reaches some companies and not others, depending on industry, customers, and the kinds of data handled.
Many major companies within the United States are subject to some form of security regulation. Regulations that contain information security requirements are intended to raise the level of information security across organizations in a particular industry, and many organizations would welcome clear guidance on meeting them. The difficulty lies in determining which regulations apply and in interpreting their requirements. The regulations are not written in a way that the average business person can easily understand, so a security professional (such as the staff at Praetorian Secure, LLC) is often needed to interpret the regulatory requirements and decide how best to implement them.
Information security professionals have experience implementing the systems, policies, and procedures needed to satisfy the requirements of the applicable regulation(s) while also improving the overall security of your organization. Many hold credentials such as the CISSP (Certified Information Systems Security Professional), which signifies broad information security knowledge, including the legal and regulatory aspects of the field.
There is an abundance of laws and regulations on the books designed to protect your organization’s information. However, it is not always clear to the average business decision maker which of them apply to their organization. This is where an information security professional can help any organization make sense of regulatory requirements that seem to grow more complex with each revision.
Compliance is critical, and it begins with understanding which regulations affect your organization, then outlining the approach that will bring you into compliance. Either way, it’s up to you: regulatory compliance, or another sleepless night…