    Free Compliance Management Tools

    Most IT pros consider compliance a hassle. Yet the tools of compliance can empower security technologies and simplify risk management. Better yet, some of those tools are free.
    GLPI

    A free, open source tool, GLPI offers IT and asset management capabilities. After all, a good inventory is the first step in seeing what needs to be secured.
    Practical Threat Analysis

    A free toolset built around a methodology for managing operational and infosec risks in complex systems through calculative threat analysis and threat modeling.
    SOMAP

    The ORICO Framework and Tool are two projects in one, offering risk management and the toolset to build a reference implementation of a security framework.
    SourceForge

    An open source IT asset management system that provides identification, valuation and risk assessments.
    OpenFISMA

    An open source framework that is designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

Many organizations must comply with regulations such as HIPAA, and the numbers are growing, fueled by constantly evolving legislation that creates new rules, requirements and auditing procedures. Compliance requirements are often seen as an unnecessary burden that was legislated into existence to protect external entities. However, properly enforced compliance policies can protect organizations from a myriad of problems – ranging from security breaches to lawsuits to corporate espionage.

Compliance has a symbiotic relationship with the procedures and requirements dictated by computer security. Compliance, like security, is all about managing risk. The risk associated with compliance failures can include financial impact (fines), data loss (intrusions), lost business (customer impacts) or even a suspension of operations. While it is easy to see how security and compliance go hand in hand with risk management, the realization does not ease any burdens. Unifying risk management, security management and compliance management can lead to an economy of scale, creating efficiencies that do lessen the burdens imposed, both in time and budgets.

Unified security management tools that offer integration and management modules can often combine risk management, compliance initiatives and security controls into a single managed element, converting compliance to little more than an extension of policy-based security enforcement. With the proper tool set, compliance management and risk management can become natural extensions of security management, offering managers a clear path to establishing compliance, protecting data and enforcing policy. That holistic approach will reduce costs, while enhancing the benefits of all three.