Information Security and Multi-Compliance: Avoiding Audit Fatigue with a Single IT Compliance Strategy
The compliance approach to meeting information security goals tends to follow the cycle of crisis-driven audit preparation, audit, audit findings, remediation, and retesting. This may also be followed by a highly political search for who is to blame for the unsuccessful audit. Often, the person held personally responsible will be the CIO, who may in turn blame the CISO or compliance officer. In either case, IT management has tremendous incentive to figure out a new, more effective approach to meeting these information security and compliance goals.
This Prescriptive Guide provides nine steps that information security managers can use to break the compliance blame cycle and build an information security program that more effectively mitigates security risk. By successfully executing these steps, the information security manager will no longer continually react to and manage the audit preparation crisis du jour. Instead, the information security manager will institute and rely upon regular, defined activities to complete the heavy lifting of preparing for a successful audit long before the audit occurs.