Compliance for Compliance Sake?
Posted by Chia-Chee Kuan, CTO at AirMagnet
Date: May 17, 2010
When it comes to network security and privacy, there is no shortage of regulatory compliance regimes, including PCI-DSS, HIPAA, Sarbanes-Oxley, GLBA, FISMA, and more. Although the guidelines are laid out differently for each industry, they are essentially the same in requiring stringent discipline around wireless LAN security. These rules and regulations raise awareness of wireless security and require significant action on the part of organizations in order to be compliant.
Despite the near-universal inclusion of wireless security in compliance regulations, some "compliant" companies still find their wireless networks vulnerable to attack. How does this happen?
First, compliance rules, laws, and regulations are relatively static compared with the pace of wireless technology. Today's action plan for wireless compliance may well be flawed by tomorrow, as new technology is introduced or a new vulnerability is discovered.
Second, some companies treat compliance as a checkbox item and implement just enough technology to meet the requirements, but not enough to anchor a security strategy that actually keeps the network secure. Compliance laws and rules are usually written as regulatory guidelines and principles, with room for flexibility in technical implementation. That flexibility can be misused and misinterpreted at the expense of effective wireless security.
Third, compliance does not guarantee security. It is simply a starting point, or a series of checkpoints, that moves an organization toward a secure network environment. Companies that use compliance as the foundation of their security strategy will fall far short of the desired security standards if they assume that compliance guidelines alone deliver the level of protection needed to maintain a safe, secure network.
Finally, one of the most frequently neglected topics in regard to compliance is the need for immediate remediation when the network is attacked or a vulnerability is discovered. To be fully secure is to be prepared and ready to react to any security breakdown. That means taking compliance a step further and having a complete wireless security strategy, from start to finish.
In summary, regulatory compliance is a welcome addition to the world of wireless security. It raises awareness and helps close major security loopholes, which in turn makes network interaction with customers, partners, and employees safer. Achieving compliance for compliance's sake, however, is a recipe for disaster and does not lead to good network security. CSOs and security professionals should create wireless security policies and processes that not only map to compliance targets but also build a strong security posture for the company. In a world where organizations constantly face staff shortages, it is critically important to take advantage of security tools in order to (1) keep up with advances in wireless technology, (2) be fully compliant without compromising security, (3) be secure beyond compliance, and (4) be ready for remediation when the unexpected hits.
Jannika Aug. 5, 2011 12:26 PM
Smack-dab what I was looking for!