Depending on the organization's primary industry, it may be subject to one or several state, federal, or international laws regarding information security, working conditions, financial statements, trading, manufacturing, or ethical business practices. These laws will have their own impact on how the organization supports and fulfills its mission, vision, and business goals, in addition to defining its overall security posture.
The laws getting the lion's share of attention, due to increased connectivity, social media, and vanishing network perimeters, fall under information security. Common laws that may apply to your organization are HIPAA, PCI, SOX, GLBA and, within the State of California, SB 1386, 541, or 211. For those requirements that are federally mandated, it is important for organizations to understand how applicable state or even international laws may "trump" the federal requirement, or vice versa.
Focusing on compliance alone can be an organization's downfall. Finding a balance between security and compliance should be the overall goal. A growing belief among industry professionals is that by focusing on a comprehensive security strategy, compliance will naturally fall into place. Understanding how the security controls map to compliance initiatives can seem like an overwhelming task, but there are many resources and tools available to assist with this process, and organizations do not need to "reinvent the wheel".
Having trouble getting started? Contact Vantage with your questions today.