SOC 2 in Crypto is Pointless

SOC 2 in Crypto is Pointless

J.M. P. J.M. P.

J.M. P.

Chief Information Security Officer | Keynote Speaker | Risk Management | Crypto/Web3 Security Strategy | Blockchain Security | DevSecOps | MS Cybersecurity (MICS) | CISSP | CISM

发布日期: 2024年11月13日
+ 关注

Legal Risk and Security Risk Are Not The Same

I find it astonishing that in the year 2024 I have to say this out loud, but security risk and compliance risk are two different things.

Outside of crypto, lawyers drive cybersecurity programs because the primary risk is legal risk—regulatory fines, class action lawsuits, breach of contract. These are the primary causes of financial impact as a result of a security incident. Data breaches don’t hurt companies, they hurt consumers.

This makes security compliance a paperwork game of CYA intended not to prevent data breaches but to mitigate the risk of a fine or a lawsuit arguing a failure of minimum due diligence.

But all of that is of minor importance in crypto. As I have repeatedly written and spoken about for years, the real security risk in crypto/web3 exceeds your regulatory risk by several orders of magnitude.

Read More: https://ninja.cybercybercybercyber.ninja/p/soc-2-in-crypto-is-pointless

要查看或添加评论,请登录

J.M. P.的更多文章

  • "IT" is Dead
    2025年2月2日

    "IT" is Dead

    Now it's mostly Security It is now possible to build a company without an IT team. Anyone under 40 can set up a laptop…

    2 条评论
  • Bottom-up Security Doesn't Work
    2024年12月31日

    Bottom-up Security Doesn't Work

    Choosing not to govern is still a governance choice Barn-raising is an effective way to build software, especially open…

  • If Education is the Solution to Your Security Problem, Then You've Already Failed
    2024年11月16日

    If Education is the Solution to Your Security Problem, Then You've Already Failed

    A new scientific study confirms what has been obvious to me for years in the trenches: Security awareness training is…

    8 条评论
  • Make Sure We Never Get Hacked (How not to measure a CISO's job performance)
    2024年10月31日

    Make Sure We Never Get Hacked (How not to measure a CISO's job performance)

    An innocent approach to measuring the performance of the security job function would be to measure the number or…

  • CISOs Need to Speak the Language of Business
    2024年10月7日

    CISOs Need to Speak the Language of Business

    I was chatting with a security vendor I won’t name, and their CEO told me during the call, “Wow, it’s so refreshing to…

    1 条评论
  • The CISO as Chief Cyber Risk Officer
    2024年9月6日

    The CISO as Chief Cyber Risk Officer

    I’ve been meeting a lot more CROs in industry lately, and for some companies centralizing all risk management in one…

    2 条评论
  • Bottom-up Security Doesn't Work
    2024年8月29日

    Bottom-up Security Doesn't Work

    Choosing not to govern is still a governance choice Barn-raising is an effective way to build software, especially open…

  • The North Korean Love Triangle
    2024年8月12日

    The North Korean Love Triangle

    What happens when you combine market competition with warfare? Crypto companies are trapped in the North Korean Love…

  • Web3 Security: Brittle or Resilient?
    2024年7月30日

    Web3 Security: Brittle or Resilient?

    Outside of crypto, your tech startup’s primary competition comes from other companies—established players you want to…

  • Following the Herd is Dangerous in Cybersecurity
    2024年7月22日

    Following the Herd is Dangerous in Cybersecurity

    Monoculture solutions expose you to systemic risk. People herd.

    1 条评论

社区洞察

其他会员也浏览了