In continued support of our mission to cultivate a cybersecurity renaissance that will improve the resiliency of our nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders, ICIT asked some of the brightest minds in national security, cybersecurity, and technology to author essays communicating their perspective. Our goal is to share their knowledge and insights with our community to shed light on solutions to the technology, policy, and human challenges facing the cybersecurity community. Our hope is that their words will motivate, educate, and inspire you to take on the challenges facing your organizations.
Essay authored by Laura Whitt-Winyard, ICIT Fellow & Global CISO, DLL
Despite common misconceptions, ticking all the boxes on a regulatory compliance audit does not make your company secure. No company is 100% secure. Security transcends compliance, not the other way around. Whether they are regulations such as FFIEC, GDPR, PCI-DSS, and HIPAA; standards such as NIST, ISO, COBIT, and NERC; or the overwhelming slew of privacy regulations around the world, nearly all of them consist of basic security hygiene, and they are outdated at publication. Most often, by the time these regulations have been drafted, reviewed, edited, and given an effective date, years have already passed. The world of security advances at breakneck speed, and the regulatory process cannot keep up. Regulations and legislation are meant as enforcement for companies that are not practicing proper security hygiene; they are the minimum, not the gold standard.
About the Author – Laura Whitt-Winyard, ICIT Fellow and Global CISO, DLL Group
Laura Whitt-Winyard, CISM, CISA, CRISC, RSA-ACA, is Global Chief Information Security Officer for DLL Group, spanning more than 30 countries, and is an Institute for Critical Infrastructure Technology (ICIT) Fellow. She has 19 years of information security experience and has been an active member of the security community. Laura joined DLL Group from Billtrust, where she served as Director of Security. Previously, she held information security leadership roles at Comcast and Bloomberg, L.P. Laura was included in the book Women Know Cyber: 100 Fascinating Females Fighting Cyber Crime. She and her teams have been nominated for and have received many awards spanning multiple years, such as ISE® North America & Northeast Project Nominee & Finalist, ISE® North America & Northeast Executive of the Year nominee, CSO 50/40 Awards winner, RSA Archer Innovation Awards & Excellence Awards.