Organisations of all sizes and in both the public and private sector are increasingly required to be in compliance with a number of legislative and industry regulations and standards. Compliance with these regulations should be seen as part of the Information Security Management System (ISMS) or process.

In the United Kingdom, HMG has mandated a number of policies for the UK Public Sector, including Codes of Connection (CoCo) and Good Practice Guides (GPG) from CESG.

In the United States, regulations such as SOX, FISMA and HIPAA, and in Europe Basel II and privacy legislation, are driving organisations to seek tools to assist with and automate their compliance. The impact of some regulations, for example Sarbanes-Oxley (SOX), is significant not only in the United States but globally.

The Payment Card Industry Data Security Standard (PCI DSS) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. PCI DSS is intended to help organisations proactively protect customer credit card data.

Most organisations subject to such regulations use controls from standards such as ISO 27001 and related guidelines to achieve compliance.

ISO 27001 is the formal standard against which organisations may seek independent certification of their Information Security Management Systems. An ISMS is a framework for designing, implementing, managing, maintaining and enforcing information security processes and controls systematically and consistently throughout the organisation.