David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.
After the industry analysts’ roundtable at the RSA Conference 2010 I spoke with Jonathan Penn of Forrester. Penn covers all areas of security from the vendor side, but the area we focused on was the issue of compliance.
Compliance distracts people from doing their business better. For most organizations, it’s just a check box. And as we’ve heard over and over again, compliance does not equal security.
In fact, many organizations wouldn’t do data security if it wasn’t a requirement. That’s why we have compliance requirements and because it’s “required” projects within an organization only get funding if they’re connected to some regulation.
See my related article “Security industry analysts’ roundtable” and my interview with Christian Christiansen “Stop obsessing over compliance and start obsessing over audits.”
Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.