Thoughts on Information Security and Compliance

In today’s industry, being in compliance doesn’t make a company secure. Being in compliance means a company has met the minimum requirement, or has workarounds for some of the risks it can’t mitigate.

Asking if a company is in compliance is like asking a student if they have done enough work to get a C grade. The compliance industry should have a grading system that shows how well a company performed during an audit: the highest score would mean the company went above and beyond the minimum requirement, and the lowest would mean it is only meeting the minimum requirement for the compliance audit. I believe this will drive the information security industry to better protect consumers and companies alike.
