Blog: WiFi Experts on Compliance

Compliance for Compliance Sake?
Posted by Chia-Chee Kuan, CTO at AirMagnet
Date: May 17, 2010

When it comes to network security and privacy, there's no shortage of regulatory compliance, including PCI-DSS, HIPAA, Sarbanes-Oxley, GLBA, FISMA, and more. Although compliance guidelines are laid out differently for each industry, they're essentially the same when it comes to requiring stringent discipline around wireless LAN security. These compliance rules and regulations help raise awareness for wireless security and require significant action on the part of organizations in order to be compliant.

Despite the universal inclusion of wireless security in almost all compliance regulations, some "compliant" companies still find their wireless networks being vulnerable to attack. You might ask yourself how this happens?

Well first, compliance rules/laws/regulations are relatively static when compared to the advance of wireless technologies. Today's action plan for wireless compliance may very well be flawed by tomorrow, as new technology is introduced or a new vulnerability is discovered.

Second, some companies take compliance as a check box item and implement just enough technology to meet the requirements, but not enough to anchor a strong security strategy that actually keeps the network secure. Compliance laws and rules are usually written as regulatory guidelines and principles... with room for technical implementation flexibility. That flexibility can be misused and misinterpreted at the expense of effective wireless security.

Third, compliance does not guarantee security! It's simply a starting point or a series of checkpoints that move an organization toward a secure network environment. Companies using compliance as the foundation of a security strategy will find themselves falling far short of the desired security standards if they simply think compliance guidelines deliver the level of protection needed to maintain a safe, secure network.

Finally, one of the most frequently neglected topics in regard to compliance is the need for an immediate remediation should the network experience an attack or vulnerability. To be fully secure is to be prepared and ready to react on any security breakdown. That means taking compliance a step further and having a complete wireless security strategy, from start to finish.

In summary, regulatory compliance is a welcome addition to the world of wireless security. It raises awareness and helps close major security loopholes that help ensure better customer, partner and/or employee network interaction and security. Achieving compliance for compliance's sake is a recipe for disaster and does not lead to good network security. CSOs and security professional should create wireless security policies and processes that not only map to compliance targets, but also help build a strong security posture for the company. In a world where organizations are constantly dealing with staff shortages, it is critically important to take advantage of security tools to (1) be updated with wireless technologies advancement, (2) be fully compliant without compromised security, (3) be secure beyond compliance, and (4) be ready for remediation when the unexpected hits.

Jannika Aug. 5, 2011 12:26 PM

Smack-dab what I was lokonig for-ty!
dfsahdf May. 1, 2013 12:26 AM coach outlet online coach outlet coach outlet usa coach outlet online usa michael kors purses outlet online michael kors outlet online gucci shoes outlet online north face jackets outlet online monster beats outlet online coach outlet online North Face Sale North Face UK north face jackets outlet online
Unlimited Satellite Internet Jan. 20, 2015 6:22 AM

Excellent and decent post. I found this much informative, as to what I was exactly searching for. Thanks for such post and please keep it up.

Post a Comment:

Note: Your email will not be displayed.
Enter in the characters from the image below:
Blog Contributor

Chia-Chee Kuan is CTO and co-founder of AirMagnet. Chia-Chee will contribute his expertise on technology, security vulnerabilities, and future trends in the WLAN industry.

Blog Archive
Other Social Media Sites We Recommend:
Home  |  Security Center  |  All Things Wi-Fi  |  Blog  |  Library  |  |
© 2006-2014 Fluke Corporation. All rights reserved.