The Need to Simplify Compliance Risk Control Implementation (Virsec Blog)

Organizations around the world must fulfill an increasing number of regulatory requirements including NIST, Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS) and General Data Protection Regulation (GDPR) as well as federal and state data breach laws. Failure to do so can result in costly violations as well as priceless damage to brand reputations and much more.

For example, earlier this month, the U.S. Securities and Exchange Commission (SEC) announced that the London-based educational publishing company Pearson agreed to pay $1 million to settle charges that it misled investors about a 2018 data breach. This week, the SEC sanctioned eight firms, including Cetera Financial Group, Cambridge Investment Research and KMS Financial Services, for deficient cybersecurity policies and procedures, which resulted in the exposure of their clients’ personal information.

The SEC isn’t the only organization looking to enforce compliance to data breach laws and regulations. State governments increasingly are holding organizations accountable. For example, last week the California Department of Justice (DOJ) issued a press release calling for healthcare facilities to comply with state and federal health data privacy laws. “Today’s bulletin comes on the heels of multiple unreported ransomware attacks against California healthcare facilities,” according to the announcement.

In addition to California, a number of states including Connecticut, Texas, Nevada and Mississippi tightened or updated their data breach and cybersecurity laws and requirements.

Meeting Cybersecurity Compliance Requirements: How Virsec Can Help

Regulatory professionals must be assured compliance controls will remain uncompromised by the constant change to production and heavy dependence on outdated technology that introduces considerable risk – even one erroneous line of code or the introduction of a new vulnerability could make an application break compliance.

Virsec can help organizations meet their cybersecurity compliance requirements by simplifying the implementation of risk controls and eliminate redundancy with a single solution – Virsec Security Platform (VSP). VSP fills gaps in security and provides the most comprehensive protection that ensures appropriate actions always take place to mitigate or avoid risk on an ongoing basis.

Additional compliance benefits include:

• Taking this time to get ISS, GA Creative and RocketBuild on the same page for building the assessment. Looking forward to speaking with you all.
• Risk controls are simplified as crucial capabilities found in solutions like IDS/IPS/EDRs/WAFs are unified within VSP and optimized with increased automation and more vigorous enforcement of runtime protection in real-time to lower MTTR and eliminate false alerts.
• VSP easily embeds continuous compliance assessments and automatic risk management behaviors into day-to-day operations and after significant events while ensuring protections are already in place.