the State of Security

RSA 2010: Why do organizations respond so poorly to audits?

by David Spark on March 4, 2010

David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.

Jennifer Bayuk is an independent consultant and the director of cybersecurity programs at the Stevens Institute of Technology. She cowrote a paper with Tripwire’s Founder and CTO, Gene Kim, entitled, “Avoiding Audit Fatigue.”

I asked her why audits break down, and she corrected me, saying that it’s not the audit that breaks down, but the response to the audit that breaks down.

I also asked for her take on the theory of IDC’s Christian Christiansen (watch that video, “Stop obsessing over compliance and start obsessing over audits”) that one shouldn’t always be obsessed with compliance but should rather focus on the audit process.

Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.

David Spark is a veteran tech journalist and founder of Spark Media Solutions, a media consulting and production company. Acting as the "media" of "social media," Spark Media Solutions helps its clients be seen as leading voices in their field through brand-quality media production and distribution through top tier media channels.