Over the last decade there has been a significant increase in the amount of compliance that businesses have had to deal with. Nowhere is this more evident than in the fields of data privacy and security. This presents significant challenges for organisations, especially those that have to adhere to multiple regulations that often overlap and conflict. Additionally, the extra-territorial nature of some regulations makes them complicated to address.
To get a better understanding of the problem, Enterprise Times talked with John South, Senior Director of Global Threat Intelligence Development at NTT Security. Unlike many of his peers in the cyber security industry, South is also a visiting professor at a local university. He teaches a class on cyber law and cyber compliance.
South talked about how he approaches the situation, saying: “One of the ways that I always approached compliance was to try to build a common framework that takes the elements of, like say HIPAA, PCI, GDPR or Privacy in the States and build that intersection so that I know what the various elements are.” Once you know what each piece of legislation requires, South believes you can then start to build a coherent set of policies.
To make life easier, South points out that using a tool such as the Uniform Compliance Framework is a start. It will look at the different requirements and highlight where they overlap or conflict. It is also important for organisations to bring in experts to help carry out gap analysis before they start.
To hear more of what South had to say, listen to the podcast.
Where can I get it?
obtain it for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there.