Regulations, security incidents and threats have propelled information security to be the topic on the board agenda in many organizations.
Security Compliance is key to regulatory Compliance
Security Compliance Requires Substantial Organizational Involvement.
Information Security Controls is about :

- Policies
- Standards
- Guidelines
- Procedures

Regulations, like Sarbanes-Oxley (SOX), are forcing companies to ensure that their user communitiers are well controlled, well audited, and appropriately provisioned. Furthermore, the same regulations require a documentation path for all the approval and auditing activities. Meeting these stringent requirements with a patchwork of different identity management solutions is challenging at best and in large organizations, an exercise in futility.

Compliance Challenges : Keeping up with the mandates of SOX, HIPAA, GLBA, and other compliance regulations has become a significant burden for regulated organizations. In a world where the amount of regulatory oversight has increased dramatically, developing and maintaining compliance presents some real challenges.

There are many risks that threaten organizations by disrupting computer systems and business processes. These risks include traditional emergencies like fires, floods, earthquakes, and hurricanes as well as risks from cyber-terrorism, cyber-crime, computer and telecommunications failures, theft, and employee sabotage. Any one of these risks can be very disruptive to a business.

In today's complex and multi-layered world, contingency planning is no longer a luxury; it has become a necessity :

- The Contingency Planning Process
- The Contingency Planning Policy Statement
- The Business Impact Analysis (BIA)
- Preventive Controls
- Recovery Strategies
- A Contingency Plan