David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.
After the industry analysts’ roundtable (read my summary of that discussion), I caught up with Christian Christensen of IDC and asked him about a comment he made on the panel regarding the issue of compliance.
Christensen said to stop obsessing over compliance and concern yourself more with your auditors. If you create a good system for audits, then that will give you more visibility into compliance and other issues. Because the statement “We’re 100 percent compliant” is never true. There are always varying degrees of compliance, but if you can put the right reporting structures in place, then you can make the auditors happy which is a window to your world of compliance.
Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.