It’s been a crazy week, and I’ve been busy gearing up for BlackHat on top of all the fun stuff my day job entails. To close out the week, I wanted to throw something at you that I thought about while discussing how to better approach compliance initiatives. It’s a simple one liner that really describes why companies should invest in security instead of compliance:
A good information security program makes compliance with any standard a tweak, not an overhaul.
Compliance should not be the notion that drives security in your organization. Security, among other things, should support and drive compliance.
Compare that to your approach. Does that fit with how you execute your security strategy? If not, why?
Possibly Related Posts:
- Let’s Encrypt for non-webservers
- Selective Domain Filtering with Postfix and a SPAM Filtering Service
- Preventing Account Takeover, Enable MFA!
- Proofpoint Patches URL Sandbox Bypass Bug
- Improve Outbound Email with SPF, DKIM, and DMARC