The Tech Herald

NCSAM: Compliance vs. Security – Tell us where you stand

by Steve Ragan - Oct 5 2010, 16:40

When it comes to protecting your organization’s assets, such as Intellectual Property, data (customer or employee), and the actual equipment that houses all of it, which is the focus, compliance or security? Should you keep them equal or separate? Does one not equal the other?

This National Cyber Security Awareness Month topic is aimed at starting a discussion. Please leave your thoughts below, or email security@thetechherald.com to share your opinions.

According to the Verizon Payment Card Industry Compliance Report, investigators found that breached organizations are 50 percent less likely to be PCI compliant and that only 22 percent of organizations were PCI compliant at the time of their initial examination.

In short, Verizon says that these findings indicate that PCI compliance can help prevent data breaches.

Our Take:

PCI, or any other compliance measure for that matter, together with all of the steps needed to obtain it, is only one of the building blocks of a solid security program. Just because an organization can achieve compliance with a given regulation does not mean it is secure. Compliance today cannot equal security tomorrow; things change entirely too fast for that to happen.

In truth, compliance and security should be equal, and when plans are developed for them, they need to be a critical part of the organization’s business and growth strategy. Also, when considering compliance and security, a measure of risk assessment is mandatory. If you don’t know what it is you need to protect first and foremost, then there is no need to bother with either.

Often compliance and security come from the same department, so equality should be a given. Sadly, as is the case with many business plans, security and compliance come after the fact, and are implemented based on regulatory fear or cost alone.

For the record, we agree with the conclusions and recommendations from the Verizon report, as seen on page 25 in this PDF, and our stance on compliance vs. security aligns with them on many points.

What we’d like to know is whether you agree with our thoughts, as well as with those from Verizon, and to read your opinions on them.

Are security and compliance things to be kept separate? If so, is this because they are simply different, or because it depends on the organization? Are they equal? If you think so, why?
