News

Quandary: We must support strong compliance if we are to enhance security, but compliance absolutely does not mean security

Bob Gourley

We have written quite a bit about the critical importance of compliance in the corporate and government domain. One area we love exploring is the seemingly contradictory observations that we need compliance mechanisms to enhance security, but that never, ever, has compliance with rules alone meant that you are secure.

In a 14 Oct 2015 event sponsored by Cognitio in DC we examined this issue head on with the new director of operations for the DHS NCCIC, John Felker. Collectively we all agreed that compliance does not equal security, but that following smart, well-crafted rules is of critical importance, and that the key to resolving the seeming contradiction lies in leadership.

At CTOvision we will continue to write about rules, standards, best practices and compliance. Every firm and government agency needs to better understand its cybersecurity compliance requirements. But we will also seek to highlight the leadership elements of cybersecurity; leadership is really our only hope.

For a review, here are a few posts we have done recently on cybersecurity compliance:

And some of the leadership/awareness posts associated with cybersecurity: