The best data security offense is a good defense

FREE

Become An Insider

Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CITEworld, CSO, Computerworld, InfoWorld, ITworld and Network World. Learn more.

Pennsylvania's Department of Public Welfare establishes a security risk framework that rationalizes 4,000 regulations into 350 integrated requirements

It was like finding a needle in a haystack. On her first day as security and risk manager at the Pennsylvania Department of Public Welfare, Pamela Skelton was met with piles of disorganized compliance files and random pieces of paper that her predecessor had left behind.

When she was told that an IRS audit report was due in a few months, a mild panic set in. "I saw all this paper and said, 'Where is everything?' It was very disorganized. I could never find anything that I needed," she recalls. That was just the start of a risk compliance odyssey for Skelton and her team.

[ InfoWorld presents the Bossies 2013, the best open source software for security, data centers, clouds, and more. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]

The Department of Public Welfare must safeguard the financial and medical data of its 2.7 million participants. Yet with more than 4,000 federal and state regulatory requirements and policies to comply with, trying to gather and review data and take corrective action in response to myriad audits became nearly impossible.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

To continue reading, please begin the free registration process or sign in to your Insider account by entering your email address:
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies