It’s been a crazy week, and I’ve been busy gearing up for BlackHat on top of all the fun stuff my day job entails. To close out the week, I wanted to throw something at you that I thought about while discussing how to better approach compliance initiatives. It’s a simple one-liner that really describes why companies should invest in security instead of compliance:

A good information security program makes compliance with any standard a tweak, not an overhaul.

Compliance should not be the notion that drives security in your organization. Security, among other things, should support and drive compliance.

Compare that to your approach. Does that fit with how you execute your security strategy? If not, why?
