Our class focuses on integrating several aspects of information security/assurance. Part of an overall integrated approach to achieving a comprehensive information assurance program is compliance management. As you are aware there are a number of government regulations that affect both the public and private sector. Please read Learn the Science of Compliance.pdf (attached). The author makes a strong case for centralized management of IT compliance and the use of software tools to assist in managing compliance programs.
You are the CISO of a large private financial company that is traded on the NY Stock Exchange. You were tasked by the CIO to develop an IT compliance management program for your organization. What approach would you take to develop such a program? What regulations impact the organization? Would you consider the use of a compliance tool? If so which one and how would you justify the expense?
Remember to cite your sources and to give a complete answer
1. Answer must be was at least 250 words.
2. Posted a complete and coherent response to the discussion topic.
3. Fully addresses the discussion topic or question and demonstrates understanding of concepts.
4. Includes at least on trustworthy and scholarly resource in the response and uses correct APA formatting for the citation and reference.