I read and hear the term “compliance” used liberally in infosec, often without a clear context. The graphic above is intended to illustrate some business drivers such as statutory laws, regulatory agencies (e.g. GAO’s HIPAA), industry-imposed requirements (e.g. PCI DSS), customers’ and shareholders’ expectations (some of which are legally and contractually required). These plus other… Continue reading What is Compliance?
BSides Nashville – Scaling Security to the Enterprise
Video: Scaling Security to the Enterprise – from BSides Nashville (May 17, 2014) (Source: https://www.youtube.com/watch?v=QqV_a_5tZCI)
Value of Architecture – Post 1
Business solutions can be described from different views. Architecturally these views can be generated as conceptual, logical and physical. Each of these layers considers business in different terms. These views can and should be considered holistically to gain a fuller understanding of the business. Another way we can generate views of the business is to… Continue reading Value of Architecture – Post 1
From: Advice for Enterprises in 2014: Protect Your Core Data
One of the most important data breaches in history was an inside job. The NSA trusted a contractor; now most people have heard of Edward Snowden.
Compliance versus Security … Coming to Trial?
Compliance is about auditable business processes that are related to meeting legal, regulatory & contractual requirements. Infosec is a confluence of strategic & tactical processes & controls with a goal of ensuring confidentiality, integrity & availability of data & systems. There is overlap but the two things are effectively different and aimed at different needs… Continue reading Compliance versus Security … Coming to Trial?