Role of Vulnerability Assessment in Compliance
We've just posted a new article in the Digital Library on vulnerability assessment and compliance. Here is an excerpt:
Government and industry regulations continue to change in response to the dynamics of cybercrime, the expectations of citizens and consumers, and the ability of IT professionals to better manage risks. In 2009, new regulations are expected from the Commonwealth of Massachusetts to require improved data loss protection practices of organizations maintaining information about Massachusetts residents. The Federal Trade Commission (FTC) will begin enforcing the "Red Flag Rule" for creditors and financial institutions to implement measures to mitigate the risk of identity theft. Vulnerability assessment will play a role in these compliance areas as well as with existing regulations.
Financial and government organizations as well as retailers are already subject to regulations that directly require vulnerability assessment or are supported by them. Vulnerability assessment systems support compliance in several ways:
- Identifying known vulnerabilities in unpatched software
- Detecting improper configurations that might be compromised by attackers
- Generating reports showing status of vulnerabilities in applications and networks
This article examines some of the ways vulnerability assessment tools can support compliance requirements directly as well as complement other procedures to improve overall security.
Get the full article here.



