Meet the Role Players

Learning Objectives

After completing this unit, you’ll be able to:

  • Identify key players in cybersecurity compliance and regulation.
  • Describe the challenges that key players face in cybersecurity compliance and regulation.

Power to the Players

From game night to trivia with friends, everyone loves a good time. And what better way to have fun than to break out a video game or two? The more you play, the more likely you are to run into different types of characters, each with their own unique style.

A television screen shows different video game players the user can select.

Video games can reveal a lot about people.

  • Are they motivated by winning?
  • Do they just want to have a good time?
  • Do they need to follow the rules or do they just like to go with the flow?

Much like the players you run into on game night, the players in cybersecurity compliance and regulation are distinct characters, each with unique roles and responsibilities. Let's introduce you to the most influential players in the compliance world.

Role

What They Care About

Lawmakers

  • Protecting constituents from data breaches
  • Ensuring constituents are notified if their personal information is compromised

Organizations

  • Identifying protected data
  • Managing vulnerabilities and risks
  • Protecting against threats to confidential and sensitive information
  • Remaining compliant

Third Parties

  • Evaluating the potential risks of partnering with an organization
  • Demonstrating that they’re securely managing an organization’s and its customers’ data

Auditors

  • Verifying controls that are in place
  • Gathering evidence that organizations are compliant
  • Reporting the results of audits to internal and external parties

Regulatory Authorities

  • Developing security standards
  • Enabling companies to harden their security postures
  • Imposing penalties for noncompliance, including fines

Industry Groups

  • Creating security standards that members must adhere to in order to raise the bar for the industry and create an equal playing field
  • Providing members with best practices, tools, and advice for meeting compliance requirements

Customers

  • Having assurance that the businesses they patronize are fully compliant with existing laws
  • Knowing their data is protected

The Growing Gap in Regulatory Compliance

Now that you have a better understanding of who these players are and what they care about most, let’s talk about the challenges they’re currently facing with regulatory compliance. 

Cybersecurity Regulatory Compliance Is Complex

Regulating cybersecurity presents a particularly difficult task to lawmakers and regulators charged with oversight. What’s more, for organizations trying to comply in a multinational environment, managing cybersecurity becomes more complex when they operate in countries with varying levels of cybersecurity sophistication and laws. Regulations create a diverse set of compliance environments that display some similarities, yet contain differences in focus and intent.

Because of the complex nature of different business sectors, compliance with federal, state, and local laws poses a monumental challenge. Since almost every sector depends heavily on information technology (IT), regulatory compliance becomes a critical cybersecurity component. However, over the years, regulations have often been broken and poorly enforced.

Compliance Doesn’t Equal Security

Over the past decade, cyberthreats have increased rapidly, accentuating the need to regulate cybersecurity practices and activities, and to impose penalties and sanctions for violating the regulations.

However, relying solely on compliance to achieve security protection doesn't necessarily enable an organization to cover all cybersecurity needs. That’s because compliance requirements often lag behind cybersecurity risk and technology, and are written broadly to apply to many organizations, while a security strategy needs to be tailored to the needs of a particular organization.

Laws and regulations can serve as a good starting point for establishing a company’s cybersecurity objectives, because compliance with these laws is an absolute necessity in any cybersecurity plan, but they shouldn’t be viewed as the ultimate end goal. Being compliant is like beating the game on normal difficulty, but good security is leveling up and beating the game on advanced mode.

More importantly, to prepare for changing compliance requirements, organizations need to create a security-first approach to cybersecurity so they can stay ahead of the evolving requirements. There is no 100% effective way to prevent all cybersecurity breaches, but cybersecurity must form part of the risk management process, as part of a long-term, strategic approach to cyber resilience.

Cyber resilience is an organization’s ability to continuously deliver solid results despite challenging cyber events. It is a holistic view of cyber risk that looks at culture, people and processes, and technology. It’s about being prepared, anticipating threats, determining the appetite for risk, and developing the response and recovery plan when something occurs.

At a minimum, organizations must maintain essential cyber hygiene. This includes regular, secure backups (essential to maintaining resilience and recovering quickly if attacked) and keeping software up to date to ensure security patches are in place. What’s more, security must be a core part of the product lifecycle. Appropriate incentives should ensure that future devices and networks have robust security embedded into the design from the start and that these aren’t added later in a “bolt on” fashion.

If you develop a security-minded culture in your organization, then compliance is relatively easy to achieve. Building security into your organization’s culture goes beyond simply complying with regulations. You can implement culture change from the top down with measures of effectiveness and efficiencies, along with metrics to enable successful engagement.

A strong security culture has the potential to increase employees’ vigilance in protecting electronic assets. This culture can include factors such as ensuring there’s separation between normal user accounts and administrator accounts, verifying there isn’t any sharing of login credentials, and regularly training staff in the risks that lax security behaviors present.

Sum It Up

Now that we’ve identified some common players and their challenges, let’s explore some key trends and regulatory compliance challenges.
