Essay authored by Laura Whitt-Wynard, ICIT Fellow & Global CISO, DLL
Despite common misconceptions, ticking all the boxes on a regulatory compliance audit does not make your company secure. No company is 100% secure. Security transcends compliance, not the other way around. Whether it is a regulation such as FFIEC, GDPR, PCI-DSS, or HIPAA; a standard such as NIST, ISO, COBIT, or NERC; or one of the overwhelming slew of privacy regulations around the world, nearly all of them consist of basic security hygiene and are already outdated at publication. Most often, by the time a regulation has been drafted, reviewed, edited, and reached its effective date, years have already passed. The world of security advances at a break-neck speed, and the regulatory process cannot keep up. Regulations and legislation are meant as enforcement for those companies that are not practicing proper security hygiene; they are the minimum, not the gold standard.