• Stuart McClure
    Vice President of Operations and Strategy, Risk and Compliance Business Unit

    Stuart McClure is responsible for overall business operations and strategy for the Risk and Compliance business unit at McAfee. Prior to McAfee, McClure was executive director of security services for Kaiser Permanente, a $34B healthcare organization; senior vice president of Global Threats and Research for McAfee Avert Labs, where he led an elite global security threats team; and founder, president and chief technology officer of Foundstone, a product and consulting company empowering US government agencies and Global 500 companies to continuously and measurably manage and mitigate risk. Before Foundstone, Mr. McClure helped establish and run the Ernst & Young National Computer Security Practice and ran IT departments for state and local government in the US.

    Widely recognized for his extensive and in-depth knowledge of security, McClure is one of the industry's leading authorities in information security today. His first book, “Hacking Exposed: Network Security Secrets and Solutions” has been translated into over 30 languages, was ranked the #4 computer book ever sold, and is the definitive best-selling computer security book in history. A well-published and acclaimed security visionary, McClure has over 22 years of technology and executive leadership with profound technical, operational, and financial experience. He holds a Bachelor's degree from the University of Colorado-Boulder and holds numerous certifications including CISSP, CNE, and CCSE.
  • Emerging Standards, Technology Will Relieve Audit Fatigue
    Monday, August 24, 2009 at 11:01 am by Stuart McClure

    There is light at the end of the tunnel – risk and compliance technologies and standards are relieving auditors and businesses in this age of increased electronic accountability. On the heels of our integration of SolidCore’s technology, researchers from McAfee Avert Labs have laid out the compliance challenges facing organizations, and the new standards which can save thousands of hours, in the latest edition of the McAfee Security Journal.

    Organizations Are Suffering from Audit Fatigue

    Of the many compliance obstacles facing organizations, the sheer volume of audits is perhaps the most oppressive impediment to returning to “business as usual.” With more than 400 separate sets of requirements facing organizations internationally, global institutions can face more than 40 diverse mandates. Failure or non-compliance is not an option, as reputational damage and penalties levied by regulatory agencies can have severe financial consequences for businesses.

    In a McAfee-sponsored survey, one organization estimated that it spent 1,000 hours in one week configuring audit settings to prepare for its PCI audit. Another organization spent more than 18,000 hours preparing for external audits in one year. Even when faced with such overwhelming compliance demands, more than 51 percent of organizations surveyed still used spreadsheets to execute audits.

    Three Steps to a Better Audit

    Organizations that embrace IT as the path to solving compliance issues should follow three key steps to combat audit fatigue:

    1. Establish a governance committee: By connecting executives with operational realities, a governance committee can help focus compliance spending where it will be utilized to its fullest.
    2. Automate the IT audit process: By investing in risk evaluation and auditing technology, companies can automate the vast majority of once-manual and time-consuming tasks, better ensuring ongoing compliance and reserving IT energy and spending for strategic priorities.
    3. Adopt a well-built framework: By adhering to a consistent framework throughout an organization, IT can consolidate the number of separate audits it must conduct.

    SCAP Leads the Way in Next-Generation Audit Standards

    The emergence of the Security Content Automation Protocol (SCAP) signals a change in traditional risk and compliance architecture. Using SCAP-compliant products, companies can now eliminate the need for vendors to issue updates when new policy or regulatory mandates are decreed. By immediately integrating new changes in policy, SCAP improves vulnerability detection, asset management, risk monitoring and response, threat publishing, and more. As more technologies are produced to support the continuing evolution of audit demands and evolving infrastructures, the audit process will become more automated.

    To learn more about McAfee’s insights into the status of risk and compliance technologies, read the newest edition of the McAfee Security Journal.


The postings on this blog are the opinions of the individual posters and don’t necessarily represent McAfee’s position or opinion on this subject.
© 2009 McAfee, Inc. All rights reserved. E & O E