Mission Impossible: 4 Reasons Compliance Is ImpossibleMission Impossible: 4 Reasons Compliance Is Impossible
Compliance, like security, is not a constant
March 25, 2013
It happened again. I heard a boastful manager tell the CEO the job was finished and with great confidence brag to his boss their organization was fully compliant. The CEO nodded with increasing approval, mentally embracing the idea that his worries on the matter were behind him for good. No money-grubbing consultant was going to fool him about “risks,” and technical managers would no longer dare ask for larger budgets for compliance needs. In his mind, the task had now been addressed and the goal reached, never to look back again.
If only the CEO had paid enough attention to the realities of situation rather than so quickly accepting a convenient delusion.
Maybe not today, maybe not this week, but soon, this CEO will pay for this mistake many times over. And worse, as long as he maintains his distance from the reality of the issue, this CEO will never understand the associated costs are completely his fault. Protecting his company in a meaningful way, and avoiding perhaps millions in unnecessary expenses, was his responsibility and was completely within his power to accomplish. He simply didn’t take the time to understand one simple fact about his company: compliance, like security, is not a constant.
No organization is completely compliant, just as total security is not possible. Why, you ask? It is really very simple.
About the Author(s)
Tricks to Boost Your Threat Hunting GameNov 06, 2023
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
Everything You Need to Know About DNS Attacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment