http://www.esecurityplanet.com/open-source-security/5-free-tools-for-compliance-management.html
Most IT pros consider compliance a hassle. Yet the
tools of compliance can empower security technologies and simplify risk
management. Better yet, some of those tools are free.
Many organizations must comply with regulations such as HIPAA,
and the numbers are growing, fueled by constantly evolving legislation
that creates new rules, requirements and auditing procedures.
Compliance requirements are often seen as an unnecessary burden that was legislated into existence to protect external entities. However, properly enforced compliance policies can protect organizations from a myriad of problems – ranging from security breaches to lawsuits to corporate espionage.
The risks associated with a failure to properly secure IT are similar, if not identical. The only major difference is that most security practices are optional, while compliance practices are required.
While it is easy to see how security and compliance go hand in hand with risk management, the realization does nothing to ease the burdens of compliance and security. It does, however, give some insight into how those burdens can be reduced. Unifying risk management, security management and risk management can lead to an economy of scale, creating efficiencies that lessen the burdens imposed, both in time and budgets.
With the proper tool set, compliance management and risk management can become natural extensions of security management, offering managers a clear path to establishing compliance, protecting data and enforcing policy. That holistic approach will reduce costs, while enhancing the benefits of all three.
The market has become all but flooded with compliance tools, yet few of those tools include all of the needed capabilities to combine compliance management with other security capabilities, such as intrusion detection and prevention systems (IDPS), next generation firewall (NGFW), anti-malware and so on. All of these are rapidly becoming a concern for organizations charged with compliance regulations.
With that in mind, it becomes clear that IT managers may have to build their own solutions and integrate off-the-shelf products with other solutions. Luckily for those choosing a path of self-development, several free tools can become part of an integrated solution. In no particular order, here are five tools that can help IT pros seeking to comply with various regulations:
Most IT pros consider compliance a hassle. Yet the
tools of compliance can empower security technologies and simplify risk
management. Better yet, some of those tools are free.
Share
Compliance requirements are often seen as an unnecessary burden that was legislated into existence to protect external entities. However, properly enforced compliance policies can protect organizations from a myriad of problems – ranging from security breaches to lawsuits to corporate espionage.
Compliance's Relationship to Security
Compliance has a symbiotic relationship with the procedures and requirements dictated by computer security. Compliance, like security, is all about managing risk. The risk associated with compliance failures can include financial impact (fines), data loss (intrusions), lost business (customer impacts) or even a suspension of operations.
The risks associated with a failure to properly secure IT are similar, if not identical. The only major difference is that most security practices are optional, while compliance practices are required.
While it is easy to see how security and compliance go hand in hand with risk management, the realization does nothing to ease the burdens of compliance and security. It does, however, give some insight into how those burdens can be reduced. Unifying risk management, security management and risk management can lead to an economy of scale, creating efficiencies that lessen the burdens imposed, both in time and budgets.
How Tools Can Help
However, it takes more than an ideology of unification to solve those problems; it takes tangible elements as well – starting with the proper tools. Unified security management tools that offer integration and management modules can often combine risk management, compliance initiatives and security controls into a single managed element, converting compliance to little more than an extension of policy-based security enforcement.With the proper tool set, compliance management and risk management can become natural extensions of security management, offering managers a clear path to establishing compliance, protecting data and enforcing policy. That holistic approach will reduce costs, while enhancing the benefits of all three.
The market has become all but flooded with compliance tools, yet few of those tools include all of the needed capabilities to combine compliance management with other security capabilities, such as intrusion detection and prevention systems (IDPS), next generation firewall (NGFW), anti-malware and so on. All of these are rapidly becoming a concern for organizations charged with compliance regulations.
With that in mind, it becomes clear that IT managers may have to build their own solutions and integrate off-the-shelf products with other solutions. Luckily for those choosing a path of self-development, several free tools can become part of an integrated solution. In no particular order, here are five tools that can help IT pros seeking to comply with various regulations:
- www.glpi-project.org: A free, open source tool, GLPI offers IT and asset management capabilities. After all, a good inventory is the first step in seeing what needs to be secured.
- www.ptatechnologies.com: A free toolset that is driven by the methodology of effectively managing operational and infosec risks in complex systems using calculative threat analysis and threat modeling.
- www.somap.org: The ORICO Framework and Tool are two projects in one, offering risk management and the toolset to build a reference implementation of a security framework.
- sourceforge.net/projects/assetmng/: An open source IT asset management system that provides identification, valuation and risk assessments.
- http://openfisma.org/ : An open source framework that is designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
No comments:
Post a Comment