You can't secure what you don't acknowledge.SM

Monday, September 26, 2011

Compliance or risk: what the real IT leaders focus on

Whatever your approach to managing IT and information security, here's a new bit I wrote for Security Technology Executive magazine on fixing what needs to be fixed before you do ANYTHING else:
Fix Your Low-Hanging Fruit or Forever Hold Your Peace

Once you have the urgent flaws on your most important systems out of the way, here are some pieces I wrote for on dealing with compliance while, at the same time, actually managing your information risks:

Managing information risk inherent to an effective compliance strategy

Avoid duplicated efforts to cut the cost of regulatory compliance

The long-term consequences of not addressing compliance today


As always, be sure to check out for links to my additional information security articles, whitepapers, podcasts, webcasts, books and more.
