compliance initiatives

Get a grip on encryption and databases

Jim Kim — Fri, 08 Aug 2008 14:46:35 -0400

As you know, storage issues have rocketed to the forefront of the IT agenda, driven mainly by Sarbanes-Oxley and other compliance initiatives. That has made them targets for various hackers. SQL injection attacks, among other activities, are rising, notes SC magazine. So while encryption is not the complete answer, it makes sense. Unfortunately, the fact remains that many companies still have not embraced encryption. The practice itself raises several issues; Do you encrypt everything, or just some data? Where do you encrypt it? There are lots of solutions out there. It's always a good time to get started on these issues. Article

Time for compliance scoring?

Jim Kim — Fri, 25 Jul 2008 12:43:47 -0400

TechRepublic makes the point that "most organizations simply do not have the time to dedicate the resources to deliver an accurate [control] assessment. While there are many tools that can address the technology aspects of compliance, not all offer a comprehensive approach to scoring all factors." To that end, it reviews the Modulo Risk Manager Platform, which Modulo markets as part of its GRC platform, as a way to provide security index scores to assess compliance initiatives in a way that spans more than just technology. You can use the service to score various employees and facilities, such as the data center. Article

GRC initiatives gaining, compliance still a must-do

Tue, 01 Apr 2008 07:59:59 -0400

We've discussed the idea that compliance initiatives can yield strategic benefits, if done right. A new survey from AMR Research seems to suggest that more companies are getting on board with this idea. Companies will spend more than $32 billion on governance, risk management and compliance (GRC) in 2008. That's an increase of 7.4 percent over 2007. Meanwhile, spending on Sarbanes-Oxley compliance is expected to grow only 2 percent to $6.2 billion. What to make of this? The fact is, that a lot of GRC investment relates to Sarbox compliance. Rather than a Sarbox-specific project, why not include the project as part of larger, more strategic, deployment? Risk-management, intimately related to Sarbox, is seen as a big driver behind the trend.

For more:
- here's the release

Related Articles:
CFOs face complex GRC software decisions. Article
Will the economy zap compliance issues? Article
GRC software seems to be rising. Article
Oracle aims for GRC eco-system. Article