Access "Reframing compliance with a threat model"
This article is part of the May 2013 / Volume 15 / No. 4 issue of Compliance and risk modeling
The weight of compliance on businesses has never been higher. The changing landscape of regulatory requirements, limited personnel budgets, non-comprehensive solutions, and increasing consulting costs associated with compliance audits has financially debilitated many companies, both large and small, across multiple industries. Without recognizing the inception of most regulatory requirements, some CISOs may think that the alphabet soup of compliance-affiliated acronyms has served no one; it has simply deepened the financial pockets of security consultants and compliance auditors. As a result, the perception of the value of compliance has taken a toll, without diminishing its need. We are left with a broken belief system of what compliance actually brings to organizations beyond a Record of Compliance or Authority to Operate (ATO). So, what went wrong, and how do security professionals begin to rethink compliance? It all hinges on execution. Managing perception Corporate compliance initiatives largely originate from within internal compliance groups, ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Editor’s desk: A chat with Peter G. Neumann
by Kathleen Richards
Peter G. Neumann shares his thoughts on the inherent complexity of trustworthiness and the evolutionary promise of clean-slate architectures.
-
Apple security update: Is it ready for the enterprise?
by Karen Scarfone
It’s hard to declare Apple security as superior to its competitors, but it’s also hard to fault it as inferior.
-
Editor’s desk: A chat with Peter G. Neumann
by Kathleen Richards
-
-
Reframing compliance with a threat model
by Tony UcedaVelez
Too many compliance programs miss the mark. Tony UcedaVelez explains how leveraging a threat model can re-energize your strategy.
-
Data breach protection requires new barriers
by Ernie Hayden, Contributor
Assumption of breach is the new norm. Can this shift help organizations build better levels of data breach protection?
-
Reframing compliance with a threat model
by Tony UcedaVelez
-
Columns
-
Marcus Ranum: Q&A with clean-slate pioneer Peter G. Neumann
by Marcus Ranum
Marcus Ranum, security expert and Information Security magazine columnist, goes one-on-one with clean-slate luminary Peter G. Neumann of SRI International and formerly Bell Labs.
-
IT security education climbs the corporate ladder
by Doug Jacobson and Julie A. Rursch
Managers need more training about technical security threats and input into IT policies that threaten productivity.
-
Marcus Ranum: Q&A with clean-slate pioneer Peter G. Neumann
by Marcus Ranum
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...