Compliance with Cybersecurity Regulation
by Brent Kirkpatrick
(Date Published: 1/12/2018.)
For a given company, the type of company (public or private), the sector of its business, and its transactions determine the regulations with which it must comply. Laws pertaining to compliance include, but are not limited to:
The reason for compliance to these laws is the enforcement of a minimum security standard. This minimum standard is a procedure for response to intrusions, not a check list of security measures. These laws are designed to help a company detect accounting and security irregularities, report them to those who are effected, and respond with repairs.
Fines for lack of compliance usually come when there is a failure to report or some gross negligence in implementing a commonly accepted security measure. Usually, hackers reveal a lack of compliance. A company is hacked, fumbles, fails to report, or fails to repair vulnerabilities. This is when there are fines.
Compliance does not guarantee security. A company can be fully compliant before, during, and after an intrusion. Compliance during an intrusion requires a timely response that involves: reporting the intrusion and mitigating the vulnerabilities. Reporting means notifying the individuals whose sensitive data was breached. Mitigation means identifying the vulnerabilities used by the hackers and repairing them.
defendIT (TM). AI-driven security measures derived from security incident data.