Sep 29 2008

Be compliant through security

Published by at 5:48 am under PCI, Simple Security

I really liked Bill Sieglein’s article IT Security: Can We Be Compliant and Yet Insecure? Of course we can; it happens all the time. If you’re just looking at your compliance measures as check boxes, there will always be the potential for something unique to your environment to be overlooked. There might be something the assessor/auditor didn’t understand. The list of ways you could be compliant and yet still insecure goes on, but it’s some of the answers that Bill comes up with that are important. He lays out 5 simple steps towards getting your company compliant through security rather than the other way around. Of course, if it were that simple, wouldn’t we all be doing this already?

I like to think of PCI as a baseline for security, not the ultimate goal. 


2 Responses to “Be compliant through security”

  1. […] info By vpnhaus Categories: Highlights From Network Security Blog… Be compliant through security Martin McKeay suggests that it is possible to be compliant and yet still insecure, and points us to […]

  2. Security versus compliance « VPN Haus on 22 Oct 2008 at 1:53 pm

    […] Especially of interest is Section 4, which calls for the Commonwealth’s CIO to oversee the guidelines, plans, reporting and auditing of each agency. The order calls, in particular, for a lot of auditing. This brings to mind Martin McKeay’s excellent discussion of compliance through security. […]
