IT executives and security professionals know that the web of laws, regulations and private-association rules that must be complied with gets wider, more complex and more costly every day.
When Nemertes Research asked participants in a new benchmark on security and information protection how much they spend on compliance, most participants were at a loss to come up with a number, because they had not created a separate budget line for compliance.
But there was widespread agreement that the amount is significant. Based on the Nemertes survey of more than 100 respondents, we've been able to pinpoint the cost areas associated with compliance and provide some benchmarks in terms of what other security executives are spending.
There are four levels when it comes to regulatory compliance:
* First, there are federal regulations. The most widely known is the far-reaching, broadly applicable Sarbanes-Oxley Act (SOX), which requires public companies' executives to certify the accuracy of their financial reports and the effectiveness of the internal controls behind them.
Other federal regulations include the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). All require the organizations they cover to protect confidential personal data (generally called nonpublic personal information, or NPI, and often written NPPI). Beyond that, federal agencies such as the Securities and Exchange Commission (SEC) set up regulations that apply to companies within their purview.
* Individual states have added their own requirements, chiefly for privacy. The best-known and farthest-reaching state law is California's SB1386, which amended the state's Information Practices Act to require disclosure of any breach that exposes a California resident's unencrypted personal information; it applies to any company doing business in California that holds such data. Given the size of the state, this law is as far-reaching as any federal regulation, except SOX.
* Private industrial organizations create a third tier of requirements: groups such as the Payment Card Industry (PCI) or National Association of Securities Dealers (NASD) define best practices and requirements for member companies.
* Companies operating outside the United States must also contend with a fourth level, the laws and regulations of other countries and bodies such as the European Union. Canada (PIPEDA) and Japan (the Act on the Protection of Personal Information) have significant information privacy laws, and the EU's Data Protection Directive is in the same vein.