10 Key Compliance Pitfalls -- And How To Avoid Them

Published: 22/11/2024   Category: security


A look at the most common mistakes in compliance initiatives, and what you can learn



[Excerpted from 10 Key Compliance Pitfalls -- and How to Avoid Them, a new report posted this week on Dark Reading's Compliance Tech Center.]
Today, it's the rare business that doesn't have some regulation on its radar, whether that's because the business processes credit cards, handles personal client information, is publicly traded, handles medical information, operates on behalf of a national or regional government, or for any number of other reasons.
In fact, not only do most organizations have to comply with some regulatory mandate or another, most of them need to comply with multiple regulations. InformationWeek's 2012 Regulatory Compliance Survey found that 71% of the organizations surveyed had more than one compliance requirement that they must adhere to.
Because regulations are so pervasive, the chances for mistakes are high. Here is a look at some of the most pernicious compliance issues -- those that occur frequently and that have the potential for significant consequences.
While there's no exhaustive list of everything that can or might go wrong (there are quite literally too many possibilities to mention), understanding the most common pitfalls organizations struggle with can help you avoid the same issues.
1. Striving Toward the Bottom
One particularly problematic dynamic is when an organization views minimum compliance as an operational target in and of itself.
This happens more often than you might think. Note that by this we're not saying that organizations should be doing more. While that may be true in some cases, we're talking here about business dynamics -- intentionally created or otherwise -- that actively favor long-term weakening of the organization's compliance posture over time.
As an illustration of how this can happen, consider an organization in which budget requests for security or risk management activities are routinely dismissed unless the request can be tied directly to an audit issue. In this situation, the bare minimum is the upper bound.
The risk and security implications of this are obvious, but there's also a compliance impact. Specifically, a sort of entropy occurs within an organization over the long term -- overall compliance will tend to drift from compliant to not compliant as business processes are added or changed, personnel are rotated and new technology is brought to bear. So even though the bare minimum is the theoretical maximum ceiling, it's one the organization will tend to stay below.
Resolving this situation isn't easy. It's usually caused by cultural factors, so a shift in culture is required to address it. This isn't easy to bring about, and it will probably take more than the efforts of just a handful of individuals.
2. Having Only a Little Knowledge
You've heard that a little knowledge can be dangerous, right? It's true generally, but particularly so when it comes to compliance. Sometimes organizations just aren't doing what they need to because they don't fully understand what's required.
An example is the merchant who believes that having a low transaction volume means the organization doesn't have to comply with the Payment Card Industry Data Security Standard (PCI DSS), or the hospital that ignores addressable implementation specifications in the Health Insurance Portability and Accountability Act (HIPAA).
Fixing the underlying issue (becoming more educated about the regulations) isn't hard, but dealing with the ramifications can be. Organizations must educate themselves fully about their regulatory requirements, but they must also address potential areas of prior misunderstanding.
Start by reading the regulations in their entirety (this sounds like a basic piece of advice, but you'd be surprised how infrequently it's done) as well as any other source material published by the regulator (such as FAQs, interpretive guidance and audit standards).
As your knowledge of the regulatory context expands, you're likely to find areas in which past decisions were made on a faulty understanding. If so, it will be important to build a case for remediation with decision-makers -- they might not understand why what was copacetic before represents a problem now.
To read more about these two issues -- and to get details on the other eight most common pitfalls -- download the free report on security and compliance.
