the State of Security

audit

Is Compliance Dead?

by Adam Montville

Is compliance dead in the water or, as a good friend of mine in the industry enjoys reminding me at every turn, is it really the frog in soon-to-be-boiling water? Given the recent high-profile breaches attributed to Anonymous and LulzSec, it’s easy to say, quite flatly in fact, that compliance simply isn’t cutting it. [...]


Gene Kim Video Blog: How Did We Get Hacked Even Though We Passed the Audit?

by ~Previous Contributers

We have been talking with Gene about various audit horror stories. In this episode Gene aptly names this “How did we get hacked even though we passed the audit?” Compliance is a point in time if you approach it as a project you have to complete for a test. Many people approach compliance initiatives such [...]


Gene Kim Video Blog: Compliance is the New Generator of Unplanned Work

by ~Previous Contributers

Gene has long talked about how unplanned work is the killer of any IT organization and how high performing IT organizations have minimized that unplanned work. Compliance now brings this back to the table in a whole new way. Hear what Gene has to say about compliance audits generating unplanned work. If you are not [...]


Gene Kim’s Audit Horror Stories: The Audit Liaison

by ~Previous Contributers

We continue talking with Gene Kim about the audit horror stories that he discusses in a recent paper called Information Security and Multi-Compliance: Avoiding Audit Fatigue with a Single IT Compliance Strategy. In this post he talks about people that have been relegated to the audit liaison. Is this you? Have you seen this happen? Leave [...]


Gene’s Audit Horror Stories: Are You That Person That Everyone Runs From?

by ~Previous Contributers

We are talking about audit horror stories with Gene Kim. These compliance audit horror stories are outlined in a white paper called Information Security and Multi-Compliance: Avoiding Audit Fatigue with a Single IT Compliance Strategy. Gene gives you much more color on each of these in a way only Gene can. In this edition he [...]


An Introduction to Audit Horror Stories

by ~Previous Contributers

Gene Kim (@RealGeneKim), along with one of his mentors, Jennifer Bayuk, wrote the white paper Information Security and Multi-Compliance: Avoiding Audit Fatigue with a Single IT Compliance Strategy, which is a Prescriptive Guide that provides nine steps that information security managers can use to break the compliance blame cycle and build an information security [...]
