Achieving compliance with more stringent, dynamic, and overlapping governmental and industry regulations requires that enterprises:
• Protect business-critical corporate information, most notably Personally Identifiable Information (PII).
• Maintain control over and ensure visibility into corporate information assets, from servers to widely distributed and mobile endpoints.
• Communicate security policies and procedures with employees and partners.
Yet, passing compliance audits is no guarantee your organization is secure from advanced threats and malware.
This presentation will explore a model that better aligns these corporate goals, in which compliance and security initiatives converge. By focusing on driving risk out of the equation and taking a more proactive and, where appropriate, automated approach to security, IT can fulfill both missions more efficiently: achieve compliance, better protect corporate information, and help meet the financial goals of the enterprise.
About Christopher Strand, PCIP
Christopher Strand, PCIP, is security compliance practice director and Bit9’s subject-matter expert on enterprise network and application security solutions and how organizations can deploy positive security solutions to maintain and improve their compliance posture. Strand has more than 20 years of information technology experience, having previously held security/compliance positions with Trustwave, Tripwire, EMC/RSA and Compuware. A PCI professional (PCIP) and former qualified security assessor (QSA), Strand speaks frequently at industry events and is quoted regularly by the media on security and compliance issues. He earned a bachelor’s degree in environmental engineering from the University of Guelph in Ontario, Canada.