BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Alleviate Regulatory Compliance Strains on IT Pros

Posted June 19, 2012    Peter McCalister

As regulations continue to evolve and audits become even more comprehensive, many organizations are resource- strained trying to comply with critical government regulations. The reality is these regulations are unforgiving and non-compliance results in penalties, lost business and other indirect costs. A centralized solution to manage compliance provides a more actionable intelligence to available manpower without losing sight of broader IT security protections.

IT departments can waste a significant amount of time trying to manually prepare compliance audits and reports to management. In a recent poll by eEye Security, more than 85 percent of IT pros are impacted by regulatory compliance and industry standards including ISO, PCI, DSS, and HIPAA. The report further shows efficiently managing this takes up to 50 percent of their work week. Put into perspective, that is entirely too much time where efforts could be focused on actually reducing the threat landscape, rather than reporting on it.

To combat the vast economic ramifications of cybercrime, new regulatory mandate such as FISMA and FedRAMP for the cloud, require continuous monitoring and reporting of security processes. This order is a truly critical point to make to organizations in light of a continuously changing threat lanscape. Raising the wall against their malicious counterparts has to happen. This trend is only going to compound as time goes on, however there are ways to manage this without companies having to spend more.

Implementing strategic solutions that simplify this regulatory maze is invaluable to IT pros trying to maintain a tight perimeter around their organizations. Automated processes for compliance management for corporate policies, government regulations, and industry standards, keeps organizations up-to-date with changes to regulatory controls and newly discovered vulnerabilities. IT departments can now navigate through the regulatory landscape with all the information compiled into a dashboard, instead of the time straining task of extracting the raw data manually. Daily compliance can be timely, repeatable, and more importantly actionable when compliance violations arise.

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,