Nowadays companies need to consider many different standards, regulations and other requirements (Authority Documents). Among these requirements can be SOX, Basel II, ISO 27001, Grundschutz, PCI and others. Many tools and risk assessment workflows do not consider this compliance aggregation issue but only focus on one of these requirements.
As a result, custodians trying to protect their assets have a hard time finding out which regulations and requirements they need to consider when protecting those assets. Custodians often do not have a security background (and do not need one), yet they are left alone in finding, tagging, understanding and interpreting the requirements and policies that apply to their assets.
We at SOMAP.org strongly believe in the need to account for all of these different requirements. We think there is a need to aggregate all requirements and to map these aggregated requirements to asset types. This allows a custodian to quickly identify the requirements that apply to an asset without having to read and interpret many different standards and regulations.
Our projects take these considerations into account. Please see the respective projects' websites for further details.