the State of Security

RSA 2010: Stop obsessing over compliance and start obsessing over audits

by David Spark on March 2, 2010 David Spark

David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.

After the industry analysts’ roundtable (read my summary of that discussion), I caught up with Christian Christensen of IDC and asked him about a comment he made on the panel regarding the issue of compliance.

Christensen said to stop obsessing over compliance and concern yourself more with your auditors. If you create a good system for audits, then that will give you more visibility into compliance and other issues. Because the statement “We’re 100 percent compliant” is never true. There are always varying degrees of compliance, but if you can put the right reporting structures in place, then you can make the auditors happy which is a window to your world of compliance.

Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.

Tagged as: IDC, IT Security, IT Security and Data Protection, Regulatory Compliance, RSA, RSA 2010, RSAC

This post was written by…
David Spark

has contributed 73 posts to The State of Security.

Twitter @dspark

Contact David Spark

David Spark is a veteran tech journalist and founder of Spark Media Solutions, a media consulting and production company. Acting as the "media" of "social media," Spark Media Solutions helps its clients be seen as leading voices in their field through brand-quality media production and distribution through top tier media channels.