Access your Pro+ Content below.
Compliance and risk modeling
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting compliance as a necessary evil, but aggressively teaming with their internal compliance and audit teams to structure security programs both for heightened security and clear compliance deliverables. The cover story tackles not only this shift in emphasis, but also the latest updates in key compliance frameworks, offering guidance on how to position new requirements as an opportunity rather than more paperwork.
Features in this issue
Peter G. Neumann shares his thoughts on the inherent complexity of trustworthiness and the evolutionary promise of clean-slate architectures.
Too many compliance programs miss the mark. Tony UcedaVelez explains how leveraging a threat model can re-energize your strategy.
It’s hard to declare Apple security as superior to its competitors, but it’s also hard to fault it as inferior.
Assumption of breach is the new norm. Can this shift help organizations build better levels of data breach protection?
Columns in this issue
Marcus Ranum, security expert and Information Security magazine columnist, goes one-on-one with clean-slate luminary Peter G. Neumann of SRI International and formerly Bell Labs.
Managers need more training about technical security threats and input into IT policies that threaten productivity.