Every time another company is reported to be in breach of compliance, an enterprise IT professional dies a little.
The options are so many and real solutions are so few that most IT staff fear they'll be caught napping.
And no wonder: The cost of a breach, from discovery, notification and response to regulatory fines to restitution to other liabilities such as civil penalties, is astronomical, as giant retailer TJMaxx found out. Conversely, organizations that invest in privacy programs could see gains of $400,000 a year due to the reduced probability of a data breach and greater employee and process efficiency, according to Forrester Research.
A survey by Shavlik Technologies of 491 IT professionals attending the recent RSA Conference and Infosecurity Europe 2008 found that about 76 percent of them were either concerned or highly concerned about compliance with various mandates such as PCI-DSS, ISO 27002 or Sarbanes-Oxley.
It should be noted that Shavlik is hardly a neutral party. The company offers the Shavlik Security Suite, which automates assessments and remediation, and includes application control to help IT get rid of unwanted applications and keep them out. It also offers configuration and change management solutions, and custom reporting and analytics capabilities.
PCI-DSS looms largest in the minds of IT security professionals because, "even though the other two are law, PCI is better than law -- you can deny retailers the right to accept credit cards or raise their rates to the point where it's unacceptable," Nancee Melby, senior product manager at Shavlik Technologies, told InternetNews.com.
"Can you imagine a hotel which can't accept credit cards?"
By October, applications used by retailers at the point of sale must be "demonstrably secure", Melby said, adding that retailers are very concerned because "they don't know when to report that something is breached, or what to do when somebody's hanging an iPod off a system that's used to collect credit card information from all the various systems you have in a restaurant."
This article was first published on InternetNews.com.