Compliance-based Security Not Sufficient

This from a LinkedIn group post published on

“In the ever evolving threat landscape that is IT security, some security executives have become so focused on taking an approach that meets compliance requirements that their attention has become diverted away from some of the actual risks facing their respective organizations.”

Hear, hear! Many of the executives I talk with (typically at SMBs) literally have no idea about security management. I have been told, “We don’t care about improving security, we just want to pass the audit.”

I believe that most of the new regulations and standards could provide value. However, the way they are being implemented and enforced in many organizations pretty much precludes any real security value that could be derived from them.

This article touches on these thoughts: Shifting from compliance-based IT security to a risk-based model
