Looks like compliance frenzy is near the crescendo. Today I saw people ask a question on how to achieve "general" compliance. Not FISMA, HIPAA, PCI DSS, SOX, GLBA, CA1386, Basel, ISO17799, ITIL or COBIT - noooooo. They wanted "general" compliance ... Does it exist? Do pink elephants? :-)
2 comments:
Nope.
There is some crossover from one framework to another.
After you have a good security program using one framework, it's fairly easy to add another one.
But no. My theory is that compliance is an artificial construct that simply does not work the way we want it to in the information security arena.
Sure, I comply, in a general way, with that which I say I do.
That was easy. Sounds like a smart-ass answer, but...