Avoiding 7 Common Mistakes of IT Security Compliance

21 October 2009
Download Type: Adobe PDF

Compliance is a key driver for deployment of IT security controls, and many organisations are pursuing automation to improve accuracy and lower costs of fulfilling requirements. Automating controls is not just laudable – it’s essential for finding and fixing a myriad of vulnerabilities that enable criminals to breach enterprise IT, disrupt electronic business processes, and steal confidential business and customer data.

But automation alone is not a panacea for compliance. Organisations must also pair the deployment of automated security solutions with common-sense operational strategies to ensure success.

At the most basic level, there is no single standardised framework or terminology that explicitly defines what your organisation must do for compliance. Instead, there are many frameworks with conflicting requirements.

A big challenge for security professionals is navigating this ambiguity, especially when financial auditing terms such as ‘governance, risk and compliance’ (GRC) are loosely applied to IT security solutions. This white paper, provided by Qualys, describes seven typical mistakes of IT security compliance and how you can use these lessons to help your organisation achieve its compliance goals.