Going Beyond Checkbox Compliance: How to Make Compliance Improve Your Security

Recorded: June 4, 2010

In today's highly regulated environment, many organizations address compliance as one-off projects where the goal is to ‘get the box checked' by the auditor. This inefficient approach results in time- and resource-intensive work to pour through as many as 40,000 spreadsheets just for one compliance initiative* that provides little value back to the organization. This multiplies exponentially when dealing with multiple regulations. Achieving a level of compliance may be a requirement for your organization, but by itself is not a guarantee that your systems and sensitive data will be secure. Going beyond a checkbox compliance approach will ensure audits are passed and regulatory requirements are met, while streamlining operations, reducing IT risk and ultimately improving overall security.

In this roundtable discussion with Brandon Dunlap of BrightFly, Jeff Hughes of Lumension and Marcus Giese of RightNow, learn the keys to taking a risk-based approach and how to:

• Leverage compliance initiatives as a catalyst to improving security
• Identify areas of control weakness
• Prioritize IT risk to focus on what matters most
• Rapidly respond to those weaknesses
• Improve processes and augment controls

* Corporate Integrity, LLC, Foundations of GRC: Streamlining Compliance, May 2009

Moderator: Brandon Dunlap.    Panelists: Jeff Hughes and Marcus Giese. 

Speaker BIOs

Brandon Dunlap is the Managing Director of research at Brightfly. He has more than 15 years of experience managing business technology risk in large and small organizations. He has served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training. Currently, he is the Managing Director of Research of Brightfly, an independent, advisory and research firm that focuses on building a collaborative IT practitioner communities and bridging the gaps within information technology, security, risk, compliance, and audit disciplines.

Jeff Hughes is the Director of Solutions Marketing at Lumension. Jeff brings over 18 years industry leadership and skills as a marketer, publisher and keynote speaker in high technology industries including Director of Solution Marketing for Lumension, Inc. Jeff is responsible for all aspects of outbound product marketing with an emphasis on compliance and IT risk management. Hughes is the author of 11 marketing and technology books and numerous trade press articles on high technology marketing topics.

Marcus Giese, MS, JD, Regulatory Compliance. After spending 16 years with EDS (HP Enterprise Services), Marcus joined RightNow as a Compliance Specialist in January 2009. Marcus' technical and legal background, set him up well for handling regulatory compliance for a multi-tenant cloud vendor such as RightNow. Reporting to RightNow's CISO, Marcus coordinates RightNow's PCI DSS certifications, SAS 70 audits, and RightNow's compliance with a large number of compliance requirements such as HIPAA, FERPA, and GLBA.

Related White Papers

• Don't Wave the White Flag Over Red Flags Rule Download
• Six Critical Elements to Achieve Economies in NERC CIP Compliance Download
• Practical Steps to Ensure GCSX Code of Connection Compliance and Beyond Download