Discussion
Article: Learn the Science of Compliance to Survive By Douglas Schweitzer.
Our class focuses on integrating several aspects of information security/assurance. Part of an overall integrated approach to achieving a comprehensive information assurance program is compliance management. As you are aware there are a number of government regulations that affect both the public and private sector. Please read Learn the Science of Compliance (link above). The author makes a strong case for centralized management of IT compliance and the use of software tools to assist in managing compliance programs.
You are the CISO of a large private financial company that is traded on the NY Stock Exchange. You were tasked by the the CIO to develop an IT compliance management program for your organization. What approach would you take to develop such a program? What regulations impact the organization? Would you consider the use of a compliance tool? If so which one and how would you justify the expense?