Complying with Regulatory Frameworks
Oracle's Joshua Brooks on Dealing With the Challenges
Joshua Brooks understands why those charged with information security compliance can, at times, be overwhelmed when they must deal with frameworks such as PCI DSS, HIPAA, FedRAMP, ISO 27001 and NIST SP 800-53, to name a few.
"Most people feel pretty nervous when you talk about audits associated with any one of those frameworks," Brooks, senior manager of public cloud GRC at software maker Oracle, says in an interview at Information Security Media Group's recent New York Fraud and Breach Prevention Summit. "It means a lot of work, [they're] resource intensive, but hopefully they understand the 'why' behind it."
At the summit, Brooks presented an overview of measures to take to identify and prevent security breaches.
In the interview, Brooks:
- Explains the benefits of mapping a common set of controls to the specific terminology of each framework, so that stakeholders can demonstrate compliance with multiple laws and regulations from one control set;
- Discusses the synergy between compliance and security; and
- Addresses automating compliance.
Brooks joined Oracle in November 2016 as an information technology security analyst, advancing to senior manager for public cloud governance, risk and compliance last January. Previously, he served as a cyber intel analyst manager and senior systems engineer at Lockheed Martin.