I believe it was my colleague Kevin Bocek who once said: “Security done right will yield compliance for free. Compliance for compliance's sake will always deliver more problems in the end.”
Why is it that so many business leaders keep ignoring this reality?
It’s funny: I was just thinking about an article I co-authored for CSO Online with Charles Cresson Wood nearly a year ago, entitled The Dangers of Over-Reliance on Compliance. Those of us in infosec circles know these dangers haven’t changed, but management keeps on chugging along as if it doesn’t really matter in the grand scheme of things.
Maybe it doesn’t…?