Cybersecurity: Security vs. Compliance

September 12, 2019 posted by

Compliance is often a point-in-time initiative. You have your assessors come in, they look at your environments, they check you off and you leave. Many organizations will revisit that annually. But the issue is what happens to your security posture in that gap in time between your compliance assessments. Security and compliance are not one and the same. Compliance is the bare minimum that you have to do to validate against a set of standards. The intent is to do security right and continuously. You're only one change away from being breached, which is why compliant organizations still get breached: security needs to be continuous.

Well, being in compliance with a regulatory requirement means that you're adhering to a set of controls on a certain data set. If you only focus your security program on that data set, you can essentially end up ignoring the rest of your organization, and that's where the breach is going to happen. So compliance is typically a driver for the budgets that organizations receive. But using that budget strategically to not only achieve compliance, but really to achieve security, and as a byproduct get compliance as part of it, is the way to go.
