Living With the "C" Word San Antonio TX

The patients in this ward have all encountered the same ailment, with varying degrees of recovery. Some, like Enron, failed to survive. Others, like Tyco, Eli Lilly and Adelphia, took the cure and managed to reorganize and adapt to the increased scrutiny of regulators and shareholders.

In this bold new world where electronic technology intersects with confidentiality on a regular basis, there are evolving ground rules being created to respond to corporate scandal and concerns about information theft and intrusions into the privacy of global consumers. As lawmakers and the security industry alike strive to secure business enterprises through policy, procedure and technology, there is one constant: It's not business as usual anymore.

Compliance has become the "C" word feared and loathed by some and welcomed by others. Since the scandals of the late 1990s, lawmakers and corporations have increased efforts to protect the data that now drives global business. With business assets becoming more data driven than hardware dependent, higher levels of accountability and protection of these information assets are crucial to the survival of any enterprise.

Perhaps the most important paradigm shift in this entire compliance issue is the status it now receives among security professionals, both physical and IT. With a growing convergence of enterprise risk responsibilities, corporate security directors and IT managers find themselves very involved in compliance regulations like Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA and PIPEDA on the national level, and state acts like California's Senate Bill 1386, which requires all state businesses and organizations to inform consumers when a privacy breach has occurred.

Global expansion of business has certainly opened the doors for more opportunities, but at the same time, the risk factors facing global enterprises have increased. In its Ninth Annual Global Information Security Survey, Ernst & Young identified compliance as the biggest concern for information security professionals. The survey interviewed close to 1,200 senior information security professionals in 48 countries and also benchmarked the current information security practices of more than 350 organizations in 38 countries.

Obviously the more celebrated breaches of information security and privacy have managed to grab world headlines in recent years, making privacy data protection a high-profile talking point among the masses. But an overwhelming number of respondents in the Ernst & Young survey listed compliance as their number one priority for the second consecutive year. And of those who targeted compliance as their top business security driver, close to 80% said that efforts and activities they have taken to achieve regulatory compliance have strengthened their overall enterprise security efforts.

Based on the survey results, Ernst & Young identified the five most important information security priorities for global companies. One of these priorities was extending the impact of compliance. The survey report noted that compliance is promoting teaming between information security and other functional business groups, and it is improving information security. Respondents said that by using externally imposed compliance deadlines and security incidents as a catalyst, the enterprise could justify proactive investments in stronger security policies and technologies.

Compliance is the "C" word driving enterprise security risk today. Whether you are on the physical or logical side of the security house, it affects the way you establish policy and it dictates your technology choices.