Solving the Problem With Security Standards

Security people love compliance programs. Really! It’s why we have so many of them.

No. OK, we hate compliance programs. Even when I try to tell jokes about compliance programs, I hate them.

The reason I hate compliance programs is that they’re lists of things we need to do, and many times, those things don’t seem to make a great deal of sense. In threat modeling, I talk about the interplay between threats, controls, and requirements, and I joke that “a requirement to have a control absent any threat” is why we hate compliance programs (not joking).

Read full article on Dark Reading

