Identity Management: The Foundation for Compliance
December 23, 2008 01:00 PM
At the root of most regulatory mandates is the basic requirement to protect information, ensuring its privacy and accuracy. In other words, regulations specify that organizations create an environment of effective overall information security practices. There are many different areas of security, but from a business perspective organizations simply want to prevent misuse of information in order to protect their customers, shareholders, and employees. Building trust and reducing risk can bolster confidence while also helping an organization to meet its compliance obligations.
When most people think of security they think about firewalls and encryption, but one of the most common areas of risk is in an area often taken for granted: the proper management of user and password information. Identity Management is a solution that streamlines, secures, and governs this fundamental business process. This paper discusses the inner-workings of an Identity Management solution and how it relates to these mandates: Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI), and the Health Insurance Portability and Accountability Act (HIPAA).