Monday, June 11, 2007

Compliance Doesn't Equal Security

This is a great blog post by Computer World's Michael Farnum about how compliance doesn't equal security. I agree with him one hundred percent.

Too many companies are bending and bowing to auditors and regulators at the expense of implementing true security controls. They do what they're told -- or forced to do -- rather than what makes information security sense.

Farnum says there's no substitute for good old-fashioned best security practices and following frameworks like COBIT and the ISO standards. Following these practices will automatically make a company compliant.

