Compliance on a budget – 10 easy steps

There has certainly been a deluge of federal, state and private industry information security regulations, and small and midsized businesses (SMBs) are perhaps the hardest hit. Contrary to all the marketing hype and general belief, there are reasonable ways you can bring your SMB into compliance and stay without having to spend tens of thousands of dollars on technology and other overrated solutions to this problem.

It seems that for every information security assessment I perform, the general outcome is not recommendations to install the latest and greatest firewall, encrypt everything in sight, or lock down every computer to the point of minimum usability. Instead, the recommendations usually involve making changes in the "soft" areas of security -- namely business processes. Obviously, it still costs money in the form of time, effort and other personnel resources to make such changes, but it doesn't have to be that expensive. This is especially true if you have in-house staff that can help with your compliance require

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Sarbanes-Oxley Detecting copied files on the AS/400 using audit journals Tracking System i program object changes System i security policy: Time for a check up Learning guide: Steps to a secure System i 12 security tips in 12 minutes iSeries (AS/400) security: Who's in charge? Study: SOX-compliant firms see drop in costs in year 2 Compliance without Confusion: Addressing the Payment Card Industry's Data Security Standard Mandate Go beyond SOX for business continuity SOX regulations concerning applications Sarbanes-Oxley Research iSeries compliance and regulation System i security policy: Time for a check up Top 10 iSeries white papers YTD Healthcare users struggle with HIPAA Go beyond SOX for business continuity Complying with multiple regulations and contending with conflicts SOX, laws and regulations SMBs meet DoD needs with RFID compliance Strategic Storage: Storage takes center stage in compliance efforts SOX 404 compliance: Efficiency is key SOX-in-a-box: One size does not fit all when it comes to compliance iSeries compliance and regulation Research

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ments.

Without performing an information security assessment, here are 10 items that, when implemented properly, I guarantee will buy you more bang for your compliance buck than anything else:

Information security and regulatory compliance aren't easy, and nothing good is free. However, if you approach the requirements for doing business in a high-tech economy with some common sense and keep things simple and practical, your small or midsized company -- and especially its cash flow -- should be quite all right.

Kevin Beaver is founder and information security advisor with Atlanta-based Principle Logic LLC. He has more than 17 years of experience in IT and specializes in performing information security assessments. Kevin has authored five information security-related books including Hacking For Dummies (Wiley), the brand new Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver @ principlelogic.com.