The need to ensure compliance with regulations should no longer be the primary consideration of CIOs when planning IT risk and security measures.
Gartner said compliance is an outcome of a well-run risk management programme and should not dominate CIOs’ decision making.
“By simply trying to keep up with individual compliance requirements, organisations become rule followers, rather than risk leaders,” said John A. Wheeler, research director at Gartner. “CIOs must stop being rule followers who allow compliance to dominate business decision making and become risk leaders who proactively address the most severe threats to their enterprises.”
SOURCE: net-security.org