The Compliance "Tax"
By Ericka Chickowski | Posted 2010-10-12
Just when companies are getting a handle on their IT security compliance responsibilities, the regulatory environment is changing. Here are four things to watch.
As organizations continue to suffer security failures day after day, regulators are taking matters into their own hands, often implementing increasingly prescriptive regulations that may be at odds with an organization's risk management practices. This adds a growing 'compliance tax' that organizations must throw more resources at, whether in-house or outsourced.
"The regulators in general seem to be heading towards more prescriptive regulations," says Professor Paul Dorey, founder of CSO Confidential and former chief information security officer for BP. "When standards get too prescriptive they can be a hindrance. They start to impose things that may not be relevant to an organization’s risk management. The organization may do things in a different way, yet manage risk well. But that wouldn’t be acceptable to the prescriptive regulator."