Thoughts on Information Security and Compliance

In today’s industry, being in compliance doesn’t make a company secure. Being in compliance means a company has met the minimum requirements or has workarounds for some of the risks it can’t mitigate.

Asking if a company is in compliance is like asking a student if they have done enough work to get a C grade. The compliance industry should have a grading system that shows how well a company performed during an audit: the highest score would mean the company went above and beyond the minimum requirements, and the lowest would mean it is only meeting the minimum requirements of the compliance audit. I believe this would drive the information security industry to better protect consumers and companies alike.
