An organization dedicated to researching IT security compliance has been formed.
The Security Compliance Council will produce performance measurement guidelines based on the myriad regulatory pressures being applied in Asia, Europe and the U.S.
The council will be led by the Computer Security Institute (CSI) and the Institute of Internal Auditors (IIA).
Steve Kahan, vice president at compliance software company Bindview, will act as president of the new organization.
"Estimates for 2005 suggest that compliance will exceed $15 billion in the U.S. alone," said Kahan. "Essentially the new regulatory environment is stretching IT professionals to the limit and there's a real lack of information out there. We must identify new, more practical methods for implementing lower cost security and compliance to meet today's regulatory requirements. This will be the primary goal of our research pursuits."
The research program will be directed by James Hurley, formerly an analyst at the Aberdeen Group. Surveys on the first two reports produced by the council will begin this week on the topics of "The CSO's Security Compliance Agenda" and "U.K. Security Spend and Performance Benchmark." The council hopes to produce new research every quarter.
In June, SC reported how CardSystems faced high-profile compliance problems after a huge data breach. The breach meant that, under Californian Senate Bill 1386, the data broker had to inform thousands of Californians that their data may have been compromised.