Security Vs Compliance

Contributed by Rob Hornbuckle

Within the IT security industry there has been a constant struggle between security and compliance. Central to this struggle are C-level executives who neither completely understand the information security risks their organizations face nor the level of risk they should accept with regard to the data they house. Consider also that IT security is pervasive in every other business unit within a company: human resources, finance, information technology, and operations. Because setting a risk tolerance depends wholly on an understanding of information security, the executives in question more often than not turn to a checkbox-type or compliance-based solution because it is so easy to manage. However, this type of thinking can lead to a false sense of security, specifically a false sense of information security.

Compliance is not the same thing as security. Compliance is the armed guard at your gate. Security is the retired marine who is well versed in tactics, has knowledge of current vulnerabilities, and has a pretty good idea where the next attack is coming from.

