Navigating the minefield of compliance regulation within the information
industry is difficult and can be a challenge for even the largest enterprise.
Typically, compliance with these standards is treated as an afterthought;
however, organisations can use these standards to implement a more effective
security strategy within their organisation. Typical compliance
requirements include:
- PCI (Payment Card Industry Standards)
- APRA (i.e. PPG234) - Australian Financial Sector
- ISO 27001, 27002 (International Information Security Standards)
- AS31000 (formerly AS4360) Risk Approach
- Local Government standards such as IS18
- Industry standards such as OWASP and OpenSAMM
- Privacy Standards of Australia (Data & Security)
Typically, every business is driven by a particular standard. In some cases, such
as the Privacy standards, every organisation in Australia must comply with the
default set of standards. Understanding your legal requirements for compliance
with relevant standards, and then adopting a maturity approach to the compliance
program, are the first steps in implementing an effective security compliance
program.
Our strategic governance team has worked with all of the above industry
standards and has helped small to large enterprises implement a
cost-effective and manageable security program within their organisation. We
recommend starting with a maturity baseline that aligns your organisation
against its compliance drivers. This identifies and maps out a program to ensure an
effective compliance management program is implemented over a specified period.
Contact us today to discuss with our strategic and governance team how we can
help you comply with the relevant industry standards and implement an
effective security program.