Whether all “compliance” as we know it is beneficial for business and consumers is indeed an area for lengthy debate. One thing is for sure: Information security is an issue that can make or break your business — so it cannot be ignored. If you focus your information security efforts on process, policy and people, you will eliminate 95 percent of your business risks.
Getting your compliance initiatives in order is more than just kowtowing to an auditor or falling in line with what a bigwig legislator thinks is best. Furthermore, there is no need to worry about all the differing opinions on how to comply with a specific law or regulation. It is about bringing a long-term perspective to the situation and doing what’s best for your business over the long term.
Albert Einstein once said, “You can’t solve a problem on the same level that it was created. You have to rise above it to the next level.” Rising above the compliance noise and seeing the bigger picture does just that. Think of information security as a means for managing business risks and compliance as a nice side-effect. Outline how specific security controls that satisfy specific compliance requirements meet specific business needs. That’s the formula for making all this work.
It may seem impossible to stay in line with all of the information security laws and regulations while at the same time reducing business risks and keeping compliance costs to a minimum, but it can be done. It is all in your approach.
Kevin Beaver is an independent information security consultant, keynote speaker and expert witness with Principle Logic LLC, where he specializes in performing independent information security assessments. He has authored/co-authored seven books including “Hacking for Dummies,” “Hacking Wireless Networks for Dummies,” and “Securing the Mobile Enterprise and Laptop Encryption for Dummies” (Wiley). He is also the creator of the “Security On Wheels” information security audio books and blog providing security learning for IT professionals on the go. He can be reached at firstname.lastname@example.org.