The three areas of compliance: People, process, and technology
1. The three areas of compliance: People, process, and technology
Let’s start off this video with an on-the-job example you might have as a cloud security professional at a large university. The university just invested in a monitoring tool to protect student records your security team is storing in the cloud. The team needs to define a clear process for using the tool and understanding the reports. This way, the team will make the best use of the new technology, using it correctly and efficiently. You’ve already learned about how people, processes, and technology play a part in the software supply chain. In this video, we’ll explore how having an effective relationship with people, process, and technology can help an organization maintain compliance. The people, process, technology, or PPT framework was originally created for businesses in the 1960s to improve the efficiency of their employees and tools. Today, it’s used for information technology management. To be compliant, an organization must have strong processes in place to ensure that they’re using technology in the most effective way. The PPT framework can help organizations meet their security and compliance goals. In the PPT framework, each piece reinforces the other. Technology is most effective when supported by strong processes and talented people. And with the right processes in place, technology can help people be more effective or efficient when completing specific tasks. Let’s explore the three different components of the PPT framework and find out how each fit in with the university example I shared above. People include staff, users, and decision makers that follow processes to use technology safely and effectively. To build a strong culture of compliance, it’s important to educate users and provide them with procedures. At the university, the cloud security team can train staff and provide resources that explain protocols. The team can also create processes to ensure protocols are followed. Processes include how people should use new technology, and how it should be created or adapted. Examples of effective processes include enforcing two-factor authentication, mandatory software updates, removing access rights from users who no longer need them, and implementing protocols for running scans and analyzing reports. At the university, the cloud security team can create a process to make sure staff know to complete scans, generate reports, and take the correct actions based on the reports. Technology not only helps to ensure compliance, it should also meet the organization’s needs. At the university, the security team adopts a monitoring tool to help meet compliance requirements. This technology will also help protect student and faculty records, along with other sensitive information. Balancing and adjusting PPT will be an important part of your job as a cloud security professional. By understanding the relationship between people, process, and technology, you can help your organization more effectively use tools and technology. You can also ensure that your organization meets their security and compliance standards.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.