Pro+ Content/Information Security magazine

June 2008

Architect Security and Compliance Programs to Be Complementary

Compliance and security are business issues that require business solutions. It's become popular in the security community to decry compliance as not being the same thing as security. However, the problem isn't with compliance, but rather with business making assumptions about what being certified means. Rather than a measure of security, all certification means is that you meet a certain metric at a certain point in time. In reality, compliance and security programs are constant, ongoing efforts. We can complain all we like about compliance, but it is here to stay and is likely to get more complicated. The best thing we can do is embrace it and architect our compliance and security programs to be as complementary as possible, with each other and with the goals of the business. There are two important steps to help this effort. The first is to do a better job educating auditors so they can do a better job assessing the programs. Lots of auditors don't understand security well enough to ascertain whether controls are effective or...


Features in this issue

  • GRC Tools Help Manage Regulations

    GOVERNANCE, RISK AND COMPLIANCE: We look at three GRC products and the distinct ways these tools can help organizations navigate the complicated regulatory game.
