A lot of organizations equate security with regulatory compliance–they figure out what the law requires them to do, then do precisely that.
Forward-thinking organizations don’t. They see security as a way to get and maintain a competitive advantage, and rather than measure themselves against regulations that are often nearly out of date by the time they’re approved, they measure themselves against a maturity model, which compares their practices with similar companies in similar lines of work so they can see how they measure up.
I had a search query about getting started in regulatory compliance, which I’ve written about before, but more from an organizational perspective. That won’t help you much from a career perspective.
I think most any CISSP will answer that question similarly, so I’ll take a stab at it.
I had a couple of discussions this week about compliance, and the traps of plain old check-the-box compliance, and how to get started in it when regulatory compliance suddenly gets sprung on you.
The key is working backwards. Start with the very reason regulatory compliance exists.
Another question from the big box o’ Google search queries: What are the real benefits of having a CISSP?
I don’t want to be flip, but here it is in two words: job security.