IT Compliance

Published security breaches have been caused by holes in the software architecture, but more often than not the culprit is a hole in the head of a human operator. These people usually choose to ignore the established Information Technology compliance procedures that have been put in place to prevent such incidents.

In many instances, IT compliance is a mystery to people, so it might be a good idea to go back to the first principle and define the concept before exploring further into the problem of abuse. IT compliance is a catchall term which actually includes two separate but closely related concepts.

First is the problem of internal compliance. This includes procedures established by operational entities such as companies or educational institutions that regulate how users must operate the equipment they have. These principles are designed to increase productivity and ensure security. Using a company server to surf for pornography is usually a double violation of internal compliance principles. Users waste company time by engaging in personal satisfaction on the clock, and also endanger the entire system by opening the door to malicious software that often hides on the site.

External compliance is the question of adhering to the principles set by entities outside the internal network structure, such as the government. Government regulations may require storing e-mail and other electronic documents for a specified period of time, for example. External compliance may also require a mandatory surveillance capability, or the presence of a hidden back door that can only be accessed by law enforcement agencies.

External policies can also impose operating methods that must be obeyed. In extreme cases like North Korea, it may not be technically illegal to seek information about General Douglas MacArthur's military career or to peruse the Libertarian Party platform, but doing so by accessing prohibited sites that offer a heretical viewpoint will be a grave breach of the country's external compliance regime.

In theory, strict compliance by everyone with all internal and external IT compliance policies should result in impenetrable network security, but that assumes the internal and external policies themselves are perfect and free of all vulnerabilities. Even so, compliance greatly reduces security failures in the face of all but the most determined attacks on the system.

IT Compliance: Following Rules and Meeting Standards

While compliance is similar to security in that it drives a business to practice due diligence in the protection of its digital assets, the motive behind compliance is different: It is centered around the requirements of a third party, such as a government, security framework, or client’s contractual terms.