Author: Andrew Lowe
Published: Q3 2019
Many factors influence an organization’s decision to adopt compliance as a practice in its environment. Driving factors can include a law such as GDPR or HIPAA, proof of due diligence for insurance, C-level management, or unique client requirements. Meeting compliance requirements can strain an organization of any size, especially if it does not have the correct policies and procedures in place. Auditing is the most important part of a compliance program, and security products play a valuable role here: the logs that many of these products generate are often crucial sources of data for evidence gathering during security control audits.
This paper discusses the process for building a new compliance program and provides guidance on how analysts new to compliance can get up to speed on programs already in place. Common compliance frameworks and typical misconceptions about compliance are reviewed, and laws and best practices are defined.