QOTD on Compliance

Compliance can be a good starting point for securing information infrastructure and data if an organization has not put anything in place previously, but it cannot be the end point of the conversation. -- John Pironti, President of IP Architects, speaking at the ISACA International Conference in Los Angeles
The article also reports Pironti as cautioning that a single-minded focus on "security by compliance" will result in more lapses of security as adversaries shift to more effective and damaging attacks.

Src: A Policy Dialogue Platform - Promoting Better Governance | eGov monitor

No comments: