Compliance Success Starts with Change Management

by Tim Woods
December 7, 2018
in Compliance, Featured

Best Practices for Merging Security and Compliance

Within many organizations today, security and compliance teams are running in isolation. This introduces significant enterprise risk, as the security team might be doing what’s best to combat advanced attackers, but their actions may not be in compliance with corporate, industry or federal guidelines. Similarly, the compliance team might be laser-focused on adhering to regulations, but their strategy might be introducing security risks. Tim Woods, VP of Technology Alliances at FireMon, outlines the challenges of operating security and compliance in silos.

Every compliance initiative – whether regulatory or internal – poses the same central question: Are you monitoring for change? While the question is a simple one, for many companies, the answer remains elusive.

Whenever there’s a data breach, compliance failure or system outage, the first thing business leaders want to know is: What changed? Too often, the answer from security and compliance teams is “nothing,” when in fact change is happening; they just don’t know about it. These teams are not trying to mask the truth; they are being forthright with the limited information available to them.

Maintaining awareness of network and access changes is an important element in achieving a strong security and compliance posture, along with reliable network operations and services. But change management is a complex challenge for many companies for two reasons: 1) limited team collaboration and 2) lack of visibility.

Uniting Business, Security and Compliance Teams

Mastering change management and successfully achieving compliance goals requires collaboration. Business, security and compliance teams must consistently work together and share information. Yet, within many organizations, these teams run in isolation, which can introduce significant enterprise risk. For example, security professionals may do what’s best to combat advanced attackers, but their actions may not be compliant with corporate policies or industry regulations. Similarly, the compliance team may be laser-focused on adhering to regulations, but their strategies may introduce significant gaps in security defenses. Last, but certainly not least, business teams often deploy new applications and services as quickly as possible to speed time-to-market, leaving security and compliance as afterthoughts.

Departmental silos can significantly impair an organization’s ability to achieve its compliance objectives, and policy creation and management is a good example. When a new access request or change request is submitted, the security team needs to know information such as:

  • Who is requesting the access or change?
  • Is the request for someone other than the requestor?
  • What is the associated department?
  • What access is being requested (i.e., access to what data or systems)?
  • What is the business justification for the request?
  • Where will the access come from?
  • What is the expected duration of the access?
  • When does this access need to be in place?

Many times, because of the communication barriers between their team and the business and compliance groups, security professionals don’t get the information they need to develop the best possible access policies. The result is rules and policies that are inaccurate, non-compliant, redundant, outdated or overly permissive. For example, security professionals might grant access beyond what the business actually requires, they might provide access to the wrong data or systems, or they might fail to produce the documentation needed to prove they are meeting compliance requirements.

When business teams provide appropriate context around the objectives behind their requests, security professionals can create intent-based access rules that uphold security and compliance requirements and then provide the compliance team with the appropriate documentation proving new policies are compliant with internal, industry and federal mandates. When these three equally important groups work in unison – rather than isolation – network and access change information can be shared, the appropriate actions can be taken, and the success rate of compliance projects increases dramatically.

Gaining Visibility into Network Changes

Monitoring for access and network changes was a lot easier in the simpler days of security, when IT infrastructures were much more streamlined and a concrete perimeter existed to separate a company’s assets from the outside world. In today’s world, however, security and compliance teams are responsible for networks, servers, databases and desktops while managing the complexity created by cloud computing, virtualized application deployments, containerization of applications, software-defined network services and other new technologies made possible by digital transformation. These diverse and highly distributed IT infrastructures make it impossible to manage change with manual processes, because they simply cannot scale to keep pace with the growth in complexity.

The evolution of IT infrastructures now demands automatic and dynamic change management, where real-time change monitoring solutions detect, capture, alert on, analyze and report on changes as soon as they happen – and, thankfully, this technology exists today. Real-time change monitoring solutions:

  • Detect changes as they happen,
  • Perform a differential comparison of the previous configuration to the newly modified configuration and
  • Provide a delta change report following the differential comparison that states which monitored device was changed, when the change was made, who made the change and details of the change.

Capturing and documenting change in this way enables organizations to confidently respond when asked if they’re monitoring for change and also to answer two equally important follow-up questions: “How are you monitoring for changes?” and “Is there documented proof of changes?”
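The detect, compare and report loop described above, as an added Python example that is not from the article and not FireMon’s code: two constructed snapshots of a hypothetical firewall (the device name “fw-edge-01”, the key=value rule syntax and the actor “jdoe” recorded by the device’s own audit log are all assumptions for illustration) are compared, and the delta report states which device changed, when, who made the change and each added, removed or modified rule. It also flags changed allow rules that open source or destination to “any”, tying the report back to the overly permissive rules mentioned earlier.

```python
"""Configuration change monitoring: capture two snapshots of a monitored
device, run a differential comparison, and emit a delta change report
stating which device changed, when, who made the change and what changed."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Tuple


@dataclass
class Snapshot:
    """One captured configuration. `rules` maps rule name -> rule text; the
    key=value rule syntax is an assumption for illustration, not a vendor format."""
    device: str
    taken_at: datetime
    changed_by: str  # identity from the device's own audit/AAA log (assumed available)
    rules: Dict[str, str]

@dataclass
class Delta:
    """Outcome of comparing two snapshots of the same device."""
    device: str
    when: datetime
    who: str
    added: Dict[str, str] = field(default_factory=dict)
    removed: Dict[str, str] = field(default_factory=dict)
    modified: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (old, new)

    def is_empty(self) -> bool:
        return not (self.added or self.removed or self.modified)

def diff_snapshots(before: Snapshot, after: Snapshot) -> Delta:
    """Differential comparison: classify each rule as added, removed or
    modified. Unchanged rules are deliberately left out of the delta."""
    if before.device != after.device:
        raise ValueError("cannot diff snapshots from different devices")
    delta = Delta(device=after.device, when=after.taken_at, who=after.changed_by)
    for name, rule in after.rules.items():
        if name not in before.rules:
            delta.added[name] = rule
        elif before.rules[name] != rule:
            delta.modified[name] = (before.rules[name], rule)
    for name, rule in before.rules.items():
        if name not in after.rules:
            delta.removed[name] = rule
    return delta

def flag_overly_permissive(delta: Delta) -> List[str]:
    """Names of added or modified allow rules whose new text opens src or dst to
    'any'. A token heuristic for triage; it inspects only what changed."""
    new_texts = dict(delta.added)
    new_texts.update({name: new for name, (_old, new) in delta.modified.items()})
    flagged = []
    for name, text in new_texts.items():
        tokens = text.split()
        if "action=allow" in tokens and ("src=any" in tokens or "dst=any" in tokens):
            flagged.append(name)
    return sorted(flagged)

def render_report(delta: Delta) -> List[str]:
    """Delta change report: header (device, when, who), then one line per change."""
    lines = [f"device={delta.device} when={delta.when.isoformat()} who={delta.who}"]
    if delta.is_empty():
        lines.append("no change")
        return lines
    for name, rule in sorted(delta.added.items()):
        lines.append(f"ADDED    {name}: {rule}")
    for name, rule in sorted(delta.removed.items()):
        lines.append(f"REMOVED  {name}: {rule}")
    for name, (old, new) in sorted(delta.modified.items()):
        lines.append(f"MODIFIED {name}: {old} -> {new}")
    for name in flag_overly_permissive(delta):
        lines.append(f"REVIEW   {name}: allow rule now opens src or dst to any")
    return lines


# Constructed sample input: two snapshots of a hypothetical firewall, fw-edge-01.
BEFORE = Snapshot(
    device="fw-edge-01",
    taken_at=datetime(2018, 12, 6, 22, 0, tzinfo=timezone.utc),
    changed_by="svc-baseline",
    rules={
        "allow-web": "src=any dst=10.20.0.5 port=443 action=allow",
        "allow-db": "src=10.20.0.0/24 dst=10.30.0.10 port=5432 action=allow",
        "allow-old-app": "src=10.20.0.0/24 dst=10.30.0.20 port=8080 action=allow",
    },
)
AFTER = Snapshot(
    device="fw-edge-01",
    taken_at=datetime(2018, 12, 7, 3, 14, tzinfo=timezone.utc),
    changed_by="jdoe",
    rules={
        "allow-web": "src=any dst=10.20.0.5 port=443 action=allow",
        "allow-db": "src=any dst=10.30.0.10 port=5432 action=allow",  # widened
        "allow-ssh-tmp": "src=203.0.113.7 dst=10.30.0.10 port=22 action=allow",
    },
)

if __name__ == "__main__":
    print("\n".join(render_report(diff_snapshots(BEFORE, AFTER))))
```

Two caveats a practitioner would check before relying on such a report: the “who” field is only as trustworthy as the device’s authentication and audit logging (a shared admin account reduces it to a guess), and snapshots must be captured on every change event rather than on a slow polling interval, or a rule that is added and removed between two polls never appears in any delta.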

Staying secure and compliant in today’s world of sophisticated cyber criminals and never-ending regulations is possible. It just takes teamwork, vigilance and a bit of technology to get there.


Tim Woods brings more than 20 years of systems engineering leadership experience to his role as VP of Technology Alliances at FireMon, where he has global responsibility for developing and growing FireMon’s relationships with its technology partners. Prior to FireMon, Tim held a variety of sales and technical positions at companies such as Secure Passage, Crossbeam Systems and Nokia Enterprise Solutions. Before that, he served as a cryptologic technician in the Naval Security Group for the U.S. Navy. A graduate of the University of Maryland, Tim’s personal passion is educating others on new and emerging technologies, with a desire to build strong organizational security postures.
