Technology Solutions: Compliance Management
Challenge: Making sense of the myriad of compliance requirements.
While it is hard to imagine a more over-hyped market driver than compliance, the requirements placed on organizations are very real and IT departments must respond as a result.

The frustrating part of this exercise is the lack of hard-and-fast guidelines about what really constitutes compliance with a policy or regulation. Gartner Group provides the most realistic and, at the same time, disconcerting evaluation of the compliance dilemma:

"The secret is that there is no definitive assertion of what equals compliance, so organizations are on their own to determine what is reasonable and appropriate for them."

Chief Information Security Officer's Guide to Compliance
Gartner Group
January 2006

QRadar for Compliance Management

QRadar provides key technology underpinnings for a company's efforts to deliver the security best practices required by specific industry regulations. Core to QRadar's support for a compliance initiative is workflow that maps to accepted control frameworks and to specific regulations.

QRadar provides reporting and alerting workflow for the following control frameworks:

  • Control Objectives for Information and related Technology (CobiT)
  • International Organization for Standardization (ISO) ISO/IEC 27002 (17799)
  • Common Criteria (CC) (ISO/IEC 15408)
  • NIST Special Publication 800-53 Revision 1 and FIPS 200
QRadar supports compliance-focused workflow for the following regulations:

  • Payment Card Industry Data Security Standard (PCI-DSS)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Sarbanes-Oxley (SOX)
  • Gramm-Leach-Bliley Act (GLBA)
  • Federal Information Security Management Act (FISMA)