Compliance for Compliance Sake?
Posted by Chia-Chee Kuan, CTO at AirMagnet
Date: May 17, 2010
When it comes to network security and privacy, there's no shortage of regulatory compliance requirements, including PCI-DSS, HIPAA, Sarbanes-Oxley, GLBA, FISMA, and more. Although compliance guidelines are laid out differently for each industry, they're essentially the same when it comes to requiring stringent discipline around wireless LAN security. These compliance rules and regulations help raise awareness of wireless security and require significant action on the part of organizations in order to be compliant.
Despite the universal inclusion of wireless security in almost all compliance regulations, some "compliant" companies still find their wireless networks vulnerable to attack. You might ask yourself how this happens.
Well first, compliance rules/laws/regulations are relatively static when compared to the advance of wireless technologies. Today's action plan for wireless compliance may very well be flawed by tomorrow, as new technology is introduced or a new vulnerability is discovered.
Second, some companies take compliance as a check box item and implement just enough technology to meet the requirements, but not enough to anchor a strong security strategy that actually keeps the network secure. Compliance laws and rules are usually written as regulatory guidelines and principles... with room for technical implementation flexibility. That flexibility can be misused and misinterpreted at the expense of effective wireless security.
Third, compliance does not guarantee security! It's simply a starting point or a series of checkpoints that move an organization toward a secure network environment. Companies using compliance as the foundation of a security strategy will find themselves falling far short of the desired security standards if they simply think compliance guidelines deliver the level of protection needed to maintain a safe, secure network.
Finally, one of the most frequently neglected topics in regard to compliance is the need for immediate remediation should the network experience an attack or vulnerability. To be fully secure is to be prepared and ready to react to any security breakdown. That means taking compliance a step further and having a complete wireless security strategy, from start to finish.
In summary, regulatory compliance is a welcome addition to the world of wireless security. It raises awareness and helps close major security loopholes, which helps ensure better customer, partner and/or employee network interaction and security. But achieving compliance for compliance's sake is a recipe for disaster and does not lead to good network security. CSOs and security professionals should create wireless security policies and processes that not only map to compliance targets, but also help build a strong security posture for the company. In a world where organizations are constantly dealing with staff shortages, it is critically important to take advantage of security tools to (1) stay up to date with advances in wireless technologies, (2) be fully compliant without compromised security, (3) be secure beyond compliance, and (4) be ready for remediation when the unexpected hits.

Chia-Chee Kuan is CTO and co-founder of AirMagnet. Chia-Chee will contribute his expertise on technology, security vulnerabilities, and future trends in the WLAN industry.


