One Article Review

Article:
Source AlienVault Blog
Identifier 751193
Publication date 2018-07-24 13:00:00 (seen: 2018-07-24 16:02:42)
Title The Security Compliance Tweet Chat - What We Learned
Text In our most recent Tweet Chat, we had Ben Rothke join us as our special guest, and the topic for discussion was compliance. If there ever was a topic that gets security professionals riled up, I think it would be compliance. There were many questions asked and answered; you can find most of the discussion by searching for the hashtag #AlienChat on Twitter. But for the purposes of this roundup, here are the top things I learned.

The Value of Compliance

What value does compliance bring? While there wasn’t overwhelming enthusiasm in support of the value of compliance, people were also not outrightly dismissive of its value. Instead, we found there to be a healthy level of cynicism amongst security professionals whereby there is recognition that compliance has its place - as long as it’s accompanied by some caveats.

Completely agree. Compliance should be part of a baseline. Baseline should be a step towards a higher goal, not the goal itself. Too many orgs seem to think compliance is the end of the road, not just part of the journey. — Coyne-Op (@C0yn3_0p) July 19, 2018

A1: It can bring value when done in larger context of good information security controls. For many compliance people, picture day is once a year. Information security people want it to be #infosec picture day every day. That’s difference between security & compliance. #AlienChat — Ben Rothke (@benrothke) July 19, 2018

It sets a minimum baseline. Maybe not helpful if you're meeting the same minimum year over year, which might foster complacency, but helpful if your sec program is new. #AlienChat — Nick (@NickInfoSec) July 19, 2018

Compliance brings value, however that value is more closely related to enterprise risk than information security, per se. My approach is to develop a program based on the needs to address the security risk, but to ensure that the program also complies with any relevant regs. — Rot26 (@rotate26chars) July 19, 2018

Some frameworks are mandatory, some are voluntary. I'd like to hear why a company choose a certain standard before judging. :)
Sent Yes
Tags Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.