A few weeks ago I had the pleasure of interviewing Mike Dahn, Director of Risk and Compliance at PwC, and Josh Corman, Research Director of Enterprise Security at The 451 Group. The focus of our conversation was on what practical advice they could give to organizations that wanted to move beyond proving compliance validation to achieve better security.
Here is an excerpt of the conversation that focused on "When Compliance Isn’t Good Enough":
The complete conversation is available for download here. I’ve also written a blog post that is inspired by some of their compliance and security views. The purpose of this conversation was to expand the PCI Hug It Out discussion we started a few months ago, and provide practitioners with a pragmatic approach to help them achieve better security.
As always, I welcome your thoughts and interaction. I am especially interested in hearing about your struggles and how you take this advice and make it actionable for you and your organization.