Policy management vendor BindView Corp is fronting a new compliance council alongside two professional bodies, with a remit to develop and promote a series of metrics that would give enterprises the performance measurements they need to gauge whether they are meeting various IT security compliance requirements.
The goal of the new Security Compliance Council, which is being backed by the Computer Security Institute and The Institute of Internal Auditors, is to promote a better understanding of global IT security compliance requirements.
BindView has recently been seeding its flagship Compliance Center product with compliance content on regulations such as Sarbanes-Oxley, FISMA, HIPAA, Basel II, and GLBA, so that it can be used by organizations to map IT security controls directly to the regulations. BindView’s product applies a knowledge base of regulations to industry-accepted frameworks such as ISO 17799, COBIT, or NIST SP800-53. The product will then apply benchmarks such as those developed by the Center for Internet Security to establish the recommended configuration specifications for IT assets.
Products that help shape capability in this way are said to help reduce compliance costs by half. According to the latest research carried out by IDC, products that automate manual compliance tasks can shrink compliance costs by 50% to 90%. Tools that logically structure enterprise systems by applying a standard set of recognized policies to the regulations mean organizations are able to define, control, and sustain IT compliance requirements with the best degree of cost containment, IDC said.
The Security Compliance Council said it aims to develop other, innovative methods to reduce compliance costs. It is about to start surveys for its first two benchmarking reports (see www.securitycompliance.com).