The race toward compliance is 'not optimal'



More security managers find themselves running compliance programs rather than performing security and risk management.

Before IT systems were so heavily regulated by HIPAA, Sarbanes-Oxley, PCI DSS, and countless other state and industry mandates, security managers had to beg, borrow and steal the resources they needed to secure their systems. Then, as regulatory mandates and the need for compliance grew, security professionals had new leverage to use in their fight for budget.

It worked. Seeking budget for compliance with industry and government mandates, rather than asking for investments in security technologies to fight threats that may or may not appear, actually got execs to loosen the corporate purse strings. The budget windfall was welcomed, but the relationship between IT security and the business was also changed forever -- and some say not for the better.

Also see: "APT is the new PCI"
