Compliance is about enforcing business process – for example, PCI DSS is about getting the transaction authorized without getting the data stolen. SOX is about sufficiency of internal controls for financial reporting and HIPAA is about being able to disclose PHI to patients without leaks to unauthorized parties.
So where and how does DLP fit into the compliance equation?
Let’s start with COSO recommendations for internal controls:
“If the internal control system is implemented only to prevent fraud and comply with laws and regulations, then an important opportunity is missed…The same internal controls can also be used to systematically improve businesses, particularly in regard to effectiveness and efficiency.”
In the attached presentation – we review data security requirements in compliance regulation, we discuss provable security and show how DLP can serve both as an invaluable measurement tool of security metrics of inbound and outbound business transactions and when required – as a last line of defense for personal account numbers.
Data Security For Compliance 2
View more presentations from dannyl50.
[...] the rest here: Data security and compliance 2 – Beyond vendor hype | Israeli Software tags: access-while, activity-report, attached, compliance-regulation, dlp, dss, [...]