Enterprise IT Context for the CTO

Bob Gourley


Quandary: We must support strong compliance if we are to enhance security, but compliance absolutely does not mean security

We have written quite a bit about the critical importance of compliance in the corporate and government domains. One area we love exploring is the seemingly contradictory pair of observations that we need compliance mechanisms to enhance security, but that compliance with rules alone has never, ever, meant that you are secure.

At a 14 Oct 2015 event sponsored by Cognitio in DC, we examined this issue head-on with the new director of operations for the DHS NCCIC, John Felker. We all agreed that compliance does not equal security but that following smart, well-crafted rules is of critical importance, and that the key to resolving the seeming contradiction is leadership.

At CTOvision we will continue to write about rules, standards, best practices and compliance. Every firm and government agency needs to better understand its cybersecurity compliance requirements. But we will also seek to highlight the leadership elements of cybersecurity; it is really our only hope.

For a review, here are a few posts we have done recently on cybersecurity compliance:

And some of the leadership/awareness posts associated with cybersecurity:



Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com.