Monday, August 23, 2010

Leveraging a Maturity Model to Achieve Proactive Compliance

This is a very thorough white paper by Symantec - timely and comprehensive.  Here is an excerpt from the introduction:

This paper examines how organizations can use a Capability Maturity Model to help achieve proactive compliance. It explores how an organization can move from the lower levels of the model, where the focus is typically on process alignment and mechanisms for assessing risk, to the higher levels where the needs of CIOs, CISOs and Compliance Managers are met through a combined focus on system availability, data security and compliance. Drawing on recent research from the IT Policy Compliance Group, the benefits of such operational excellence are quantified. Each level of the Capability Maturity Model is described, including recommendations for moving up to the next level. Guidelines are also provided for solutions to be adopted at each level in support of these recommendations. Finally, this paper highlights how
one Fortune 500 company realized significant cost-savings in the areas of audit scoping, preparation and testing as it moved towards adopting a truly proactive approach to compliance.

To download the paper, follow this link.

No comments: