INFOSECURITY EUROPE DISCUSSION PAPER ON COMPLYING WITH REGULATORY AND BUSINESS SECURITY NEEDS Security ParkFriday, March 12, 2004

INFOSECURITY EUROPE DISCUSSION PAPER ON COMPLYING WITH REGULATORY AND BUSINESS SECURITY NEEDS Security ParkFor most businesses, government agencies, institutions and other organisations, security can at times seem like an overwhelmingly complex challenge. Threats to your data, both real and perceived, loom from all reaches – both external and internal to the organisation. Hacker attacks, disgruntled or dishonest employees, and competitive snooping are just some of the concerns with respect to protecting proprietary information.

Regulatory drivers are mounting, as well as an ever-growing list of legislation and new acronyms to contend with. In Europe, the EU and individual countries have their own regulations governing the privacy of information including, as examples, the European Community Directives on human rights, electronic commerce, data protection, and privacy and electronic communications and the UK’s Data Protection Act. In the US, HIPAA, GLBA, and “SOX” are just a few to contend with. On a worldwide basis, the Basel II Capital Accord is front of mind for all internationally active banks.

Faced with a long and growing list of international regulations affecting IT security, compliance is viewed as one of the top concerns for many executives. Some of these laws hold organisations accountable for protecting the confidentiality of consumer or patient information. Others require companies to provide detailed and reliable documentation on financial decisions, transactions and risk assessments. And new laws are being passed all the time.

see full article......