Compliance Doesn't Equal Security
This is a great blog post by Computer World's Michael Farnum about how compliance doesn't equal security. I agree with him one hundred percent.
Too many companies are bending and bowing to auditors and regulators at the expense of implementing true security controls. They do what they're told -- or forced to do -- rather than what makes information security sense.
Farnum says there's no substitute for good old-fashioned best security practices and following frameworks like COBIT and the ISO standards. Following these practices will automatically make a company compliant.