SearchSecurity.com

Balancing compliance with information security threat assessment

While the numerous laws, regulations and standards meant to address information security have helped advance the cause of infosec, they have also provided new challenges for adequately securing an organization.

It's true that regulations have brought high-level attention, as well as increased budgets and support for some areas of information security, but they have also focused many of these resources solely on compliance and not on ensuring adequate security for current threats. Another problem is that laws typically do not keep up with the rapid pace of change in technology, which further complicates the relationship between compliance and information security.

In this tip, we will examine some of the ways compliance has advanced information security, some of the challenges compliance has brought with it to information security, and how security pros can convince compliance managers there is a need to go beyond what they might think is required in order to adequately secure an organization.

How compliance has advanced information security
Compliance has helped advance information security primarily by forcing executives to think about how their enterprises are secured, and then to provide budgets and managerial support to bring security measures about. Laws and regulations have also helped, minimally, to educate the public about information security, and data breach laws have served to notify affected consumers when certain types
