Tuesday, January 01, 2008

IT Policy Compliance Group looks back at what was important in 2007

The IT Policy Compliance Group issued a great year-end analysis of the important events that took place in the world of IT security in 2007.

Lamont Wood wrote this interesting analysis and leads into it by saying:

Looking back, those who specialize in the history of corporate and cultural debacles may one day hail 2007 as the year when the dusty topic of document retention became a matter of corporate life and death. Thanks to the pervasiveness of networked computers, corporate data proved again and again that it could not only leak into the wild, but, once there, take on a life of its own - and do enormous harm to its parent.

The essay covers some interesting subjects like Data Breaches, PCI DSS Follies, CyberWars and The Dark Side.

It also includes a summary of the regulations that businesses had to learn to deal with in 2007.

I'm going to refrain from commenting further to direct people to these interesting observations, here.

I did another post on a report from the ITPCG entitled, IT Policy Compliance Group issues study on data breaches and information theft.

This report revealed that focusing on fewer, risk-focused control points, and then inspecting them more frequently, made an organization less likely to suffer data breaches/information theft.

If you haven't read the report yet, it is a worthwhile read, also.

In case you are unfamiliar with the IT Policy Compliance Group, here is their mission (in their own words):

The ITpolicycompliance.com web site is dedicated to promoting the development of research and information that will help IT security professionals meet the policy and regulatory compliance goals of their organizations. Specifically, this site focuses on assisting organizations to improve compliance results by providing reports based on primary research as well as other related information and resources.

Here is who supports this site:

CSI (Computer Security Institute), The IIA (The Institute of Internal Auditors), ISACA (Information Systems Audit and Control Association), the IT Governance Institute, Protiviti, and acknowledge Symantec for providing the financial support to make this site possible.
