Compliance Does Not Equal Security


Many business managers assume that meeting compliance requirements and regulations means that the organization has sufficient and effective controls in place to protect against security breaches.  Legislation may specify the actions to be taken in the event of a security breach but typically does not identify the controls needed to protect the organization's sensitive information. 

Protecting your systems and sensitive data is not easy. Network administrators use many techniques to ensure that basic security controls are in place:

  • Access to systems and data is only provided to authorized staff.
  • Firewalls are implemented at the network perimeter.
  • Anti-malware and anti-virus software is used to protect both workstations and servers.
  • Servers and workstations are patched on a regular basis.
  • Backups are performed on a regular basis and stored off-site.

Even with security controls in place, hackers find creative ways to bypass security systems and gain access to data.  Altius IT recommends additional safeguards to reduce your risks:

  • Assign the role of Chief Security Officer (CSO) to a member of your staff
  • Perform a risk assessment to identify your most important assets
  • Identify and implement controls to protect your important assets
  • Prepare formal policies and an Incident Response Plan
  • Ensure agreements with service providers contain the appropriate wording to protect your organization
  • Implement a security training program for your staff
  • Ensure independent network security audits are performed on an annual basis and after major changes to your systems

A formal network security audit should evaluate over 50 areas including technical, physical, and administrative safeguards and controls that protect information systems and data.  For the business manager, network security audits help the organization identify, manage, and reduce risks before they can be exploited by an intruder.


