Why does compliance not equal security?
Being compliant is a wonderful thing, and in many cases you will have no choice but to comply in order to run your business. However, a common misconception is that security is achieved once you achieve compliance. Being fully compliant does not mean you are fully secure.
By definition, compliance means your organization meets the minimum security requirements for specific regulations at a given moment. Security, however, means your organization remains free from danger while operating your fully "compliant" infrastructure.
A good real-life analogy for compliance is driving a car with the basic security features turned on, such as seat belts, airbags, a collision avoidance system, electronic stability control, a lane departure warning system, and blind-spot detection. Those controls make the vehicle compliant with specific standards; however, they will not save you if you are driving recklessly or not following driving best practices.
Compliance is the practice of satisfying a set of requirements for a third party in order to facilitate business operations. The initiative is over when the external body is satisfied.
Security, on the other hand, is practiced for its own sake and not to satisfy anyone. Security is never done. It should be continuously maintained and improved.
Security is a journey; being compliant is just the beginning.
Cyber Security Consultant | IT Solutions, Network Security
4 years ago: Very well said,
Information Security Manager - Northern Europe
4 years ago: "Being fully compliant does not mean you are fully secure.", agree. "Being secure doesn't mean you're compliant", also true. "Being secure should also mean you're compliant", how it should be.
General Manager- IT
4 years ago: Yes, compliance is non-negotiable
Cyber Security Manager at Getnet Brasil | A PagoNxt Company
4 years ago: Very interesting text!
VP of Strategy @ Hackuity | Speaker
4 years ago: So true!!!