David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.
Jennifer Bayuk is an independent consultant and the director of cybersecurity programs at the Stevens Institute of Technology. She cowrote a paper with Tripwire’s Founder and CTO, Gene Kim, entitled, “Avoiding Audit Fatigue.”
I asked her why do audits break down, and she corrected me saying that it’s not the audit that breaks down, but the response to the audit that breaks down.
I also asked for her take on Christian Christiansen of IDC’s theory (watch that video, Stop obsessing over compliance and start obsessing over audits) that one shouldn’t always be obsessed with compliance but rather focus on the audit process.
Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.