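Resource description:
"RPT_Imperva_Two_Sides_of_the_Same_Coin", uploaded and shared by a member, free to read online; more related content is available under Academic Papers on 天天文库.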
Two Sides of the Same Coin: The Convergence of Security and Compliance
By: Shlomo Kramer

Security and compliance issues will continue to dominate IT initiatives as long as valuable data on customers, employees, patients, and business financials is exchanged and stored. Historically, security teams focused on protecting sensitive data and compliance teams focused on controlling its usage. These disciplines are actually two sides of the same coin. Regulations and mandates worldwide are validating this viewpoint, requiring security and compliance teams to work together. While this challenges many organizations, the advantages of an integrated approach include reduced costs, improved efficiencies, robust security, and compliant controls.

Multiple Regulations and Mandates

A growing number of mandates complicate matters. The U.S. has Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI), California Senate Bill 1386 (CA SB 1386), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and others. Mandates in Europe include PCI as well as the European Data Protection Directive (DPD) and the Basel Capital Accord (Basel II).

In certain mandates and in some parts of PCI, compliance requirements are vague. The process of interpreting requirements against a unique IT infrastructure presents a daunting project. In this article, I will use PCI as an example to provide guidance across

Application Data Security and Compliance Lifecycle

As regulations proliferate, a split approach to IT security and regulatory compliance won’t work. Organizations need a more rational and efficient mechanism to meet multiple requirements across both security and compliance. With a sound process, it is possible to meet multiple mandates. The following application data security and compliance lifecycle offers a simple four-step approach.

1. Discover and Assess: Identify sensitive data, assess risk and collect usage information
2. Set Controls and Policies: Define acceptable usage pattern
3. Monitor and Enforce: Capture activity and prevent unauthorized actions
4. Measure: Report on activity, recommend refinements as needed

Fig. 1 – The four steps of the application data security and compliance lifecycle.

Step 1: Discover and Assess

First, find systems that store sensitive