Compliance no longer main driver of security measures

The need to ensure compliance with regulations should no longer be the primary consideration of CIOs when planning IT risk and security measures.

Gartner said compliance is an outcome of a well-run risk management programme and should not dominate CIOs’ decision making.

“By simply trying to keep up with individual compliance requirements, organisations become rule followers, rather than risk leaders,” said John A. Wheeler, research director at Gartner. “CIOs must stop being rule followers who allow compliance to dominate business decision making and become risk leaders who proactively address the most severe threats to their enterprises.”

SOURCE: net-security.org

Information Security Buzz