CHAPTER 9

Compliance management.

Organizations are required to comply with various standards, regulations, and laws enacted by governments or other regulatory bodies with regard to data security and management. These include industry-specific standards such as HIPAA for healthcare, PCI DSS and GLBA for finance, and FISMA for US federal agencies, as well as the more general ISO 27001 standard for information security management systems and the SOX Act, which governs how US public companies report their financial information to the public.

IT security admins are expected to meet the compliance requirements for:

  • Data security, to maintain control over data access.
  • Forensic analysis, to ascertain the impact of a data breach.
  • Establishing preventive measures to stop attacks.
  • Regular auditing and report preparation.
  • Implementing incident detection.

Complying with regulatory mandates is not a one-time activity, but a continuous process. Admins should conduct IT security audits at regular intervals and prepare reports as proof, which can be an exhausting task. They also need to develop security measures to combat threats, and maintain effective control over access to data in their organization.

An integrated compliance management solution helps security admins ensure their organization meets compliance requirements and effectively manages compliance data.

Benefits of a compliance management solution.

  • Quickly generate accurate audit reports
  • Organize log data storage
  • Detect security loopholes and devise preventive measures
  • Incorporate compliance-relevant practices

Compliance violations.

Data protection compliance standards are laws set by governments to protect the public. In many instances, non-compliance can result in fines or legal action.

GDPR violations can cost up to $20 million, or up to four percent of an organization's revenue from the previous year. Non-compliance with the PCI DSS can cost $5,000 to $10,000 per transaction each month.

The more common HIPAA violation fines are levied based on four tiers, taking into account the level of awareness and negligence on the part of the employee or organization. The fine can range from $100 to $1.5 million.

Compliance violations are quite costly. Besides heavy fines and lawsuits, the organization can also suffer loss of public trust.
