Compliance misconceptions, challenges and tips
by Mirko Zorz - Editor in Chief - Wednesday, 9 April 2014.
In this interview, Paul Koziarz, President and General Manager of Regulatory Compliance at CSI, talks about the misconceptions related to compliance, provides advice for CSOs and discusses the difference between being compliant and being secure.

High-profile breaches have shown that there's a difference between being compliant and being secure. What does that say about compliance?

Certainly, a distinction does exist between security and compliance, but in many ways, that disparity underscores the importance of ongoing compliance initiatives. Compliance creates those baseline standards that all organizations must achieve. While it doesn't represent everything companies can do to ensure system integrity, it plays a significant role in helping them reach a needed level of security. Besides, without a compliance framework, some organizations might not implement any security practices at all (or at least until it is too late). Organizations must constantly challenge themselves to not only remain in full compliance, but also seek ways to go above and beyond to ensure the highest levels of security.

What are the most common misconceptions when it comes to compliance?

Again, compliance mandates create a benchmark, but being compliant doesn't mean your systems are totally secure and protected. That is one of the most common misconceptions we see. Businesses have to be in compliance, but just because they are, doesn't mean they can let their guard down. Businesses have to be in a constant state of remediation and education, because today's cybercriminals are sophisticated, and businesses have to keep step. Compliance is critical, but it's not enough on its own. Also, there's this perception that compliance is too burdensome, but when it comes to data security, any business should want that for itself and its customers. Compliance, while it can be demanding, keeps your business and your customers safe from fraud and cybercrime; it's the right thing to do in today's society.

What are some of the ways in which compliance has advanced information security?

Compliance has been a catalyst for bringing information security to the forefront in business. Without it, many organizations wouldn't have security controls in place, and there would be no consistency of standards among the protocols being used. In that regard, compliance has created a level playing field that all organizations are expected to meet when it comes to protecting sensitive data. And beyond that, compliance keeps information security top of mind. It requires businesses to continuously evaluate risk throughout their organizations and, hopefully, look beyond what's only required to be compliant.

What advice would you give to a new CSO that needs to communicate with the management about compliance costs?

You have to evaluate compliance not as an expense, but as a money saver. Sure, managing compliance takes resources, but it's nowhere near as expensive as the costs associated with a breach. Look at the hit taken by any peer organizations that have been compromised: lost time, money and manpower. And that's not to mention the reputational hit that can take years to overcome. In many ways, you can think of compliance as insurance. You pay certain premiums as you go, but the damage that it mitigates when needed is a tremendous value. It's essential to show what it could cost you if you don't have the security and compliance in place that you need.
