Friday, April 28, 2006

TaoSecurity on Demonstrating vs Maintaining Compliance

Richard Bejtlich makes an interesting statement at TaoSecurity. He says that "costs of demonstrating compliance far exceed those of maintaining compliance. This is sad."

Is it, really? I feel this is an important thing to think about, but I am not sure yet that it is indeed sad. You might think you are "doing OK" compliance-wise, but if you cannot prove it, you are in trouble...

Dr Anton Chuvakin