Compliance Points Way To Risk Management
Brian McKenna - Infosecurity Today Magazine
Recent and current pressures on IT security managers in publicly quoted companies to tick regulation boxes have about five more years to run. NetIQ security strategist Chris Pick believes that the discipline of risk management, taking companies beyond mere compliance, is "not there yet" as a driver of IT security spending, but that it will be soon.
The company's VP of security management product strategy was speaking around the recent launch of its 'Risk and Compliance Center' product, which offers a regulation-by-regulation view of security incident data. "It represents a single, not multiple, effort in terms of understanding security information flows, and gives executives visibility into their enterprises' security postures. And it automates your compliance efforts so that cost savings are possible from year to year", he said.
So far the product has three major enterprise customers: a Scottish bank, a Swiss financial services company, and a US grocery chain. Pick confirmed that in each case the Chief Information Security Officer drove and signed off purchase.
Pick said that while the company expects its immediate customers to come from compliance-challenged public and highly regulated companies, mid-market enterprises will adopt this kind of dashboard tool as the "science of risk management" matures beyond a reactive response to Sarbox, and Sarbox-like, legislation. "There have been cases of companies who have been compliant, but still got hacked", he pointed out.