Security and Compliance; Chicken and Egg or Chalk and Cheese?

Think Tank - 4:35 pm - 5:00 pm

Since regulatory (and industry) compliance became a notable thing in the early-mid 2000's it has been intimately linked with information security and often times has been the lever (or hammer) by which enterprises made necessary investments in security. But being compliant and being secure aren't the same thing, and in too many cases enterprises that were perfectly compliant have been perfectly breached. A new focus is needed; one that respects that while security and compliance are not the same thing, they are working towards the same goal (a reduction in overall enterprise risk exposure) and sees that compliance flows from security.

Takeaways:

While a secure company is likely a compliant company, the same cannot be said of the reverse situation
Just because compliance has loosened the purse strings doesn't mean it takes a pre-eminent position on security investments
Reducing enterprise risk is the goal of both practices but without appropriate focus on both is a goal that will never be achieved