View From The Bunker
A blog about security and availability by Guy Bunker at Symantec

• Home
• About
• RSS

• Recent Posts

  • Me, Me, Pick Me…
  • Halt. Who Goes There?
  • Transformational Government 2008
  • Tape Glorious Tape, There’s Nothing Quite Like It
  • Not Waving But Drowning

• Categories

  • announcements
  • Application
  • Availability
  • Complexity
  • Compliance
  • Consumerization
  • data-loss
  • Education
  • Information Policy
  • Insider
  • IT equipment
  • Miscellaneous
  • Regulation
  • Reputation
  • SaaS
  • security
  • Spam
  • Speaking
  • Uncategorized

• Tags

  Bank & Finans BERR CEO CNI Compliance data-gain data-loss data destruction Education email encryption financial loss fix fraud Identity theft information cost InfoSec ISTR IT department Las Vegas new process no data-loss PCI DSS People Phishing pictures policy PricewaterhouseCoopers Regulation Reputation RUSI SaaS SLA security security breaches sensitive information social networking Software as a Service Spam Speaking strangers usability USB virtual machine Vision Work practice

• Blogroll

  • Bruce Schneier’s Blog
  • Get Safe Online (The Blog)
  • Gizmodo Gadget Blog
  • Jonathan Schwartz’s Blog
  • Phil Windley’s Technometria
  • Toby Stevens’ Data Trust Blog

Vote for me in
IT Security Blogs

5 Million And Counting

The White House has lost 5 million emails which is a pretty impressive feat. More worrying is that there is confusion over what is there, what isn’t, and who is responsible. If this had been a company then they would have been hauled up in front of a judge and forced to answer diffcult questions, however governments are a different story and seem to operate on their own rules. When it comes to data loss a government does have a reputation, but there isn’t the competition - you can’t choose to pay your taxes to country X… however it is up to a government to set a standard and precedent which will give give its citizens confidence that, if nothing else, they can look after your information.

Perhaps it is time to have a watchdog for governments and information protection?

Technology & Regulations: Which Leads, Which Lags?

One great question I was asked during my talk at the Affärsvärlden Bank & Finans Outlook 2008 Conference, was whether the technology to help with compliance and governance was ahead of the regulations or behind.

This is a tough one to answer, primarily because the regulations are always changing. However, from 30,000 feet, the story is the same, you need to be able to prove that you say what you do, and that you do all you can to {protect customer data | ensure that systems are secure | prevent fraud | etc}. To this ends, the technology is there to help with compliance and you can automate a lot of it. Patch management of systems, followed by auditing which ones are up-to-date and which are not can be tedious in the extreme if you don’t have the technology to help. Not to mention the management and monitoring of updates to applications, endpoint protection and password strength checks, the list is (almost) endless. Technology helps and the other big benefit is that you can get a view onto your IT infrastructure and its compliance at any time - not just when the auditors are knocking on the door.

So, if you are looking at compliance, or are just getting into IT governance, look around at the tools available to make it as painless as possible.

• Subscribe

  

  Enter your email address:

  Delivered by FeedBurner

• Podcasts

  
  Detach Player
  

   

• Symantec Security Response Weblog

• Links, downloads and other resources

  Symantec UK
  Symantec Podcast Directory
  Symantec Security Response