{"id":5883,"date":"2024-01-10T11:38:28","date_gmt":"2024-01-10T16:38:28","guid":{"rendered":"https:\/\/solutionsreview.com\/network-monitoring\/?p=5883"},"modified":"2024-01-10T11:38:28","modified_gmt":"2024-01-10T16:38:28","slug":"its-a-team-sport-security-and-compliance","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/","title":{"rendered":"It\u2019s a Team Sport: Security and Compliance"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-5884\" src=\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance.jpg\" alt=\"Security and Compliance\" width=\"786\" height=\"393\" srcset=\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance.jpg 786w, https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance-300x150.jpg 300w, https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance-768x384.jpg 768w\" sizes=\"(max-width: 786px) 100vw, 786px\" \/><\/p>\n<p><strong><em>Solutions Review\u2019s\u00a0<a class=\"fui-Link ___1idfs5o f3rmtva f1ewtqcl fyind8e f1k6fduh f1w7gpdv fk6fouc fjoy568 figsok6 f1hu3pq6 f11qmguv f19f4twv f1tyq0we f1g0x7ka fhxju0i f1qch9an f1cnd47f fqv5qza f1vmzxwi f1o700av f13mvf36 f1cmlufx f9n3di6 f1ids18y f1tx3yz7 f1deo86v f1eh06m1 f1iescvh ftqa4ok f2hkw1w fhgqx19 f1olyrje f1p93eir f1h8hb77 f1x7u7e9 f10aw75t fsle3fq f17ae5zn\" title=\"https:\/\/solutionsreview.com\/solutions-review-contributor-guidelines\/\" href=\"https:\/\/solutionsreview.com\/solutions-review-contributor-guidelines\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Link Contributed Content Series\"><u>Contributed Content Series<\/u><\/a> is a collection of contributed articles written by thought leaders in enterprise software categories. 
Robin Tatam of <a href=\"https:\/\/www.puppet.com\/\" target=\"_blank\" rel=\"noopener\">Puppet by Perforce<\/a> coaches us how to approach security and compliance as a team sport. Like a team sport, everyone needs to be involved.<\/em><\/strong><\/p>\n<p>In an ideal world, the developers\u2019 environment is already secure and compliant when they begin to work. However, the ideal world isn\u2019t always reality. This is why it is imperative that organizations protect their data and proprietary materials, especially as research shows that damage from cyber-attacks could result in an annual loss of $10.5 trillion by 2025.<\/p>\n<p>As companies grapple with the Securities and Exchange Commission&#8217;s (SEC) newly adopted cybersecurity disclosure rules, security and compliance must become a top priority for not just the security team, but for the entire IT operations team. To be flexible and agile in this new disclosure era, teams cannot operate in a siloed environment \u2013 they must embrace the fact that to satisfy today\u2019s security standards and compliance regulations, an entire organization needs to be behind this effort. Today, security and compliance must be seen as a team sport with shared responsibilities across multiple facets of the company.<\/p>\n<h2><strong>It\u2019s a Team Sport: Security and Compliance<\/strong><\/h2>\n<hr \/>\n<h3><strong>Playing by the SEC\u2019s Rules<\/strong><\/h3>\n<p>In July, the SEC adopted new cybersecurity rules for public companies, requiring businesses to disclose a material incident within four business days from the time the organization determines it occurred. These new rules are meant to enhance and standardize the way companies report cybersecurity risk management strategies. Besides the four-day disclosure rule, U.S.-based companies must also comply with new incident reporting and governance disclosure requirements, including filing Form 8-K or Form 6-K, depending on the incident at hand. 
These requirements are more detailed than the guidance that the SEC previously issued in 2011 and 2018.<\/p>\n<p>When a company experiences a cyber-attack, it is crucial to manage the risk by moving swiftly to contain the event and return to a secure environment. However, once a company has ascertained that an incident is material, four days is a short amount of time in which to disclose it through the proper forms, likely while still actively engaged in mitigation. This new timeframe highlights the need for companies to have a carefully crafted and pressure-tested response plan in place beforehand, instead of scrambling to create one after they\u2019ve fallen victim to a cyber-attack.<\/p>\n<h3><strong>Adopting the \u201cTeam Sport\u201d Mentality<\/strong><\/h3>\n<p>It can be easy to assume that compliance is the responsibility of one person (or one specific role) within an organization, meaning that each team stays in its respective lane to complete its job. However, today\u2019s fast-paced IT environment is plagued by cyberthreats that continue to grow in both volume and sophistication. Therefore, the IT operations team must now be just as much a part of the security and compliance discussion as the security team. By reducing the amount of time to identify and report an incident down to only 96 hours, the SEC is clearly suggesting that everyone must work as a team. Agility and flexibility are necessary to meet the tightened timeframe. Additionally, incorporating responsibilities for both IT operations and security teams means being able to establish an order of operations to follow once they find a security breach. By having the chain of command pre-planned, each team knows its role and wasted time is eliminated. 
Implementing a \u201cteam sport\u201d mentality is paramount as organizations move forward in the new world of security and compliance disclosure.<\/p>\n<h3><strong>Building a Response Plan<\/strong><\/h3>\n<p>Having an incident response plan (IRP) for security and compliance incidents was a best practice prior to the SEC\u2019s new four-day disclosure requirement. Now that the window to report is narrower than ever, it is of the utmost importance that teams not only have a response plan in place, but that all of the responsible individuals in the organization know the details of the plan.<\/p>\n<p>An IRP must clearly identify responsibilities and should be shared across teams to facilitate efficiency and an enhanced sense of preparedness. A team mindset encourages more effective communication when an incident does take place, thereby reducing time-sapping confusion on what next steps should look like. If responsibilities for reporting incidents fall on one individual, an organization leaves itself vulnerable should that individual leave the company. In today\u2019s volatile job market, everyone across an organization\u2019s team should have access to the same knowledge base on maintaining security and compliance in the event of employee turnover. New team members must be trained as well, further solidifying the team mentality.<\/p>\n<h3><strong>Continuous Course Correction<\/strong><\/h3>\n<p>The SEC has also enacted periodic disclosure requirements to verify an organization\u2019s processes for assessment, identification, and management of cybersecurity risk. This aligns with experts\u2019 recommendations that policy be established using best practice security frameworks and standards, such as those published by The Center for Internet Security (CIS). Once deployed, servers should be frequently and repeatedly re-evaluated and course corrected to assure that settings, patches, and other configuration elements remain consistent with policy expectations. 
A security or audit department may ultimately have responsibility for signing off on compliance, but IT departments should contribute by enacting solutions that can correct drift between formal audits.<\/p>\n<p>To paint a picture, consider two ships sailing independently across the world, one that makes course corrections only every few weeks and one that course corrects continuously. The first boat makes wild\u2014and potentially catastrophic\u2014course deviations. The second sails in a near-straight line, with the skipper having to validate only that the course correction system is working effectively and to sign off on the ship\u2019s location. In IT, the operations team can automatically mitigate configuration drift, leaving the security department responsible for setting policy and occasionally auditing that the processes are working.<\/p>\n<p>Despite organizations\u2019 best efforts, cyber criminals are always two steps ahead. Therefore, catching the incident as soon as it happens and reporting it in a timely manner is a potential game changer for cybersecurity management. As long as company departments work cohesively as a team and have an actionable response plan in place when an incident occurs, they can handle the SEC\u2019s new disclosure rules with ease.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Solutions Review\u2019s\u00a0Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Robin Tatam of Puppet by Perforce coaches us how to approach security and compliance as a team sport. Like a team sport, everyone needs to be involved. 
In an ideal world, the developers\u2019 environment is already secure [&hellip;]<\/p>\n","protected":false},"author":1011,"featured_media":5884,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1,21],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>It\u2019s a Team Sport: Security and Compliance<\/title>\n<meta name=\"description\" content=\"Robin Tatam of Puppet coaches us how to approach security and compliance as a team sport. Like a team sport, everyone needs to be involved.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"It\u2019s a Team Sport: Security and Compliance\" \/>\n<meta property=\"og:description\" content=\"Robin Tatam of Puppet coaches us how to approach security and compliance as a team sport. 
Like a team sport, everyone needs to be involved.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Network Monitoring Vendors, Software, Tools and Performance Solutions\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-10T16:38:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"786\" \/>\n\t<meta property=\"og:image:height\" content=\"393\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Robin Tatam\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Robin Tatam\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/\",\"url\":\"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/\",\"name\":\"It\u2019s a Team Sport: Security and Compliance\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance.jpg\",\"datePublished\":\"2024-01-10T16:38:28+00:00\",\"dateModified\":\"2024-01-10T16:38:28+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/#\/schema\/person\/9a2fe4d14dee659a93063406b9079535\"},\"description\":\"Robin Tatam of Puppet coaches us how to approach security and compliance as a team sport. 
Like a team sport, everyone needs to be involved.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance.jpg\",\"width\":786,\"height\":393,\"caption\":\"Security and Compliance\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/network-monitoring\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"It\u2019s a Team Sport: Security and Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/#website\",\"url\":\"https:\/\/solutionsreview.com\/network-monitoring\/\",\"name\":\"Best Network Monitoring Vendors, Software, Tools and Performance Solutions\",\"description\":\"Solutions Review Network 
Monitoring\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/network-monitoring\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/#\/schema\/person\/9a2fe4d14dee659a93063406b9079535\",\"name\":\"Robin Tatam\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/network-monitoring\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Robin-Tatam-Headshot.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Robin-Tatam-Headshot.jpg\",\"caption\":\"Robin Tatam\"},\"description\":\"Robin Tatam (CISM CPFA CTSP CTMA PCI-P) has more than 30 years of DevOps and security and compliance experience. As a five-time IBM Champion, IBM selected Robin to co-author the IBM i Redbook on encryption in addition to being the lead author of the State of IBM i Security report. Robin is also a COMMON Speaker Excellence Hall of Fame inductee. He joined Perforce in January 2023 as the senior director of product marketing at Puppet by Perforce. In his free time, Robin loves to travel and experience other cultures and is an accomplished photographer.\",\"url\":\"https:\/\/solutionsreview.com\/network-monitoring\/author\/rtatam\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"It\u2019s a Team Sport: Security and Compliance","description":"Robin Tatam of Puppet coaches us how to approach security and compliance as a team sport. 
Like a team sport, everyone needs to be involved.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/","og_locale":"en_US","og_type":"article","og_title":"It\u2019s a Team Sport: Security and Compliance","og_description":"Robin Tatam of Puppet coaches us how to approach security and compliance as a team sport. Like a team sport, everyone needs to be involved.","og_url":"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/","og_site_name":"Best Network Monitoring Vendors, Software, Tools and Performance Solutions","article_published_time":"2024-01-10T16:38:28+00:00","og_image":[{"width":786,"height":393,"url":"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance.jpg","type":"image\/jpeg"}],"author":"Robin Tatam","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Robin Tatam","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/","url":"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/","name":"It\u2019s a Team Sport: Security and Compliance","isPartOf":{"@id":"https:\/\/solutionsreview.com\/network-monitoring\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance.jpg","datePublished":"2024-01-10T16:38:28+00:00","dateModified":"2024-01-10T16:38:28+00:00","author":{"@id":"https:\/\/solutionsreview.com\/network-monitoring\/#\/schema\/person\/9a2fe4d14dee659a93063406b9079535"},"description":"Robin Tatam of Puppet coaches us how to approach security and compliance as a team sport. 
Like a team sport, everyone needs to be involved.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/#primaryimage","url":"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance.jpg","contentUrl":"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Security-and-Compliance.jpg","width":786,"height":393,"caption":"Security and Compliance"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/network-monitoring\/its-a-team-sport-security-and-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/network-monitoring\/"},{"@type":"ListItem","position":2,"name":"It\u2019s a Team Sport: Security and Compliance"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/network-monitoring\/#website","url":"https:\/\/solutionsreview.com\/network-monitoring\/","name":"Best Network Monitoring Vendors, Software, Tools and Performance Solutions","description":"Solutions Review Network Monitoring","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/network-monitoring\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/network-monitoring\/#\/schema\/person\/9a2fe4d14dee659a93063406b9079535","name":"Robin 
Tatam","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/network-monitoring\/#\/schema\/person\/image\/","url":"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Robin-Tatam-Headshot.jpg","contentUrl":"https:\/\/solutionsreview.com\/network-monitoring\/files\/2024\/01\/Robin-Tatam-Headshot.jpg","caption":"Robin Tatam"},"description":"Robin Tatam (CISM CPFA CTSP CTMA PCI-P) has more than 30 years of DevOps and security and compliance experience. As a five-time IBM Champion, IBM selected Robin to co-author the IBM i Redbook on encryption in addition to being the lead author of the State of IBM i Security report. Robin is also a COMMON Speaker Excellence Hall of Fame inductee. He joined Perforce in January 2023 as the senior director of product marketing at Puppet by Perforce. In his free time, Robin loves to travel and experience other cultures and is an accomplished photographer.","url":"https:\/\/solutionsreview.com\/network-monitoring\/author\/rtatam\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/posts\/5883"}],"collection":[{"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/users\/1011"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/comments?post=5883"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/posts\/5883\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/media\/5884"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/media?parent=5883"}],"wp:term":[{"taxonomy":"category"
,"embeddable":true,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/categories?post=5883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/network-monitoring\/wp-json\/wp\/v2\/tags?post=5883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}