Increased government regulations and industry requirements are
forcing organizations to comply with standards that in the long run are
actually very useful. Many of the required controls can seriously help
improve your security posture – especially if your company is new to
compliance.
The compliance trap that many companies fall into is that they focus on passing an audit instead of ensuring a sound network security posture. Being compliant is one thing, but being secure is on a completely different level.
As we’ve seen in the news recently, there have been multiple companies that were compliant (and possibly complacent), yet not secure. Achieving compliance should not be the end-all-be-all of your security program; it should be viewed as a minimum baseline.
Read the rest of my article for Algosec.com here:
http://blog.algosec.com/2012/05/compliant-or-complacent-a-security-pros-viewpoint.html