I happened upon an interesting article while reading my daily security management briefing alerts, and realized that the focus of the article was a mirror of a conversation I have with my clients almost weekly —‘Compliance and Security” or ‘Security and Compliance’.
To me they seem like natural partners but I have found out that is not always the case. In developing solutions to information security threats I frequently see a people vs. tool mentality at work. I argue that it is really a ‘people and tool partnering’ that allow any organization to identify, assess and mitigate risk. This includes the risk of breach as well as the risk of non-compliance to regulations.
Please take a look at this article written by Richard Mackey, entitled “How Security Pros Can make Compliance Initiatives Work for Them” and consider downloading and reading the whitepaper discussed.
Let me know your thoughts — Is it ‘Compliance and Security’ or ‘Security and Compliance’?