Send your Windows question to Mitch today! | See other Windows tips

In addition to my writing and other IT work, I also teach MBA-level courses in Information Security Management at Jones International University, an online university that is fully accredited i.e. you can transfer credits for any courses you take there to traditional "bricks and mortar" universities and vice versa. Online universities like JIU are ideal for busy professionals who want to work toward an advanced degree in their spare time. Anyway, one of the issues that comes up frequently in the courses I teach is regulatory compliance. That's because many of my students work in healthcare, finance, and other industry segments where IT operations are subject to various regulatory controls.

Ensuring your company's IT infrastructure is compliant is no easy job. For one thing, you must first be aware of the laws and regulations that apply to your industry. Next you must be aware of how these laws impact IT operations. And finally, you must develop a set of internal procedures and controls to ensure your enterprise complies with these laws and regulations and can stand the test of an external audit or even worse, a lawsuit.

That's why I thought I'd share with you three resources I point my students toward so they can become familiar with the regulatory landscape as it applies to IT. The first is a document Microsoft put together called the Regulatory Compliance Planning Guide and it covers the basics of HIPPA, SOX, GLBA, ISO-17799 and other industry laws and standards, and while some of this coverage is Microsoft-focused, much of it is general and of use to any IT department.

The second resource is a section of Microsoft's own website which describes how to use Microsoft technologies to manage regulatory compliance. While some of the material here is marketing fluff, a lot of it can be quite useful, especially the case studies that can provide a model for how your business can go about ensuring compliance.

I'd also like to recommend Tom Patterson's book Mapping Security from Symantec Press (Addison-Wesley). While this book deals with information security matters more than it does compliance issues, its strength is that it's the first book I know of that provides a truly global overview of the kinds of issues that multinational businesses must be aware of to ensure their IT infrastructures are secure and compliant with all local laws and requirements everywhere. Reading this book for the first time is often an "I didn't know that!" kind of experience for CIOs and CSOs.

Finally, if you know of any good compliance resources you'd like me to share with ITworld readers, feel free to let me know and I'll try to mention them in a future article in this newsletter. For now though, let me end with a quote from an old 80s TV show that my wife and I love to watch reruns of: "Hey, let's be careful out there!"

ITworld.com

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine