Information Security Research Library

Powered by Bitpipe.com

ABSTRACT:

Compliance is the dirty word that no security professional likes to mention and few business and technology leaders think fondly of. This is primarily because compliance is perceived as something that has to be done rather than something that helps improve business process or technology. The stigma is mostly a product of poorly executed compliance efforts rather than disdain for regulatory requirements. No one disagrees that more oversight and security validation are needed, but the manner in which it has been validated can vastly improve. Although HIPAA, FISMA, FFIEC, PCI-DSS, and many other regulatory compliance frameworks have changed significantly over the past 20 years, approaches to addressing compliance within both Fortune 500 and SMB organizations have seen lackluster innovation.

Similar to recent rhetoric around baking security in, this presentation will introduce pioneering methods for how compliance efforts could be introduced earlier in software/system development life cycles and change management workflows via asset-centric threat modeling methodologies, and will demonstrate how more collaborative portrayals of compliance efforts can be achieved across an organization.

Don’t forget to come back on Tuesday, June 25th at 11:00 AM EST for a live Q&A with our expert speaker, Tony UcedaVelez, and have your specific questions answered.

(THIS RESOURCE IS NO LONGER AVAILABLE.)

Information Security Research Library Copyright © 1998-2014 Bitpipe, Inc. All Rights Reserved.