May 17, 2013

Mapping Compliance Proof To Risk-Based Controls

For years now, the risk management gurus of the world have lamented the scourge of check-box compliance, urging organizations to make more security decisions based on sound risk management. The philosophy is that risk-based decisions generally yield more compliant environments: if an organization manages its risks, then compliance will naturally fall into place.

It's a sound idea, but when organizations flip their world view from check-box compliance to risk-first decision-making, there are bound to be times when an organization is managing most risks well but still falls short of compliance requirements. In some cases, the organization has not yet documented its mitigation measures well enough for the auditors; in others, it is not yet fully compliant.

...

http://www.darkreading.com/compliance/mapping-compliance-proof-to-risk-based-c/240155092
