Compliance & Security: A Race To The Bottom?

“Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment. ”

I love this line.  It very simply encapsulates the challenge most IT Security professionals face – how to break the business away from wanting to check boxes and move them toward holistic security.  Compliance is a good starting point.  It is a good funding mechanism.  It is a good conversation starter.  IT IS NOT SECURITY!

http://www.darkreading.com/risk/compliance-and-security-a-race-to-the-bottom/a/d-id/1319302

#compliance #ITSecurity