The “winners” are:
- “No brainer” winner: PCI DSS with 59% – it is indeed ‘forevah’
- ISO2700x is a surprising silver medalist with 36% (more than half of PCI?)
- ITIL holds an even-more-surprising 3rd spot with 19% – at nearly 1/2 of ISO again
- A bunch of supposedly “cool” regs share #4 spot with 12%-15%: FISMA, HIPAA, SOX
- …and the same percentage (15%) is held by “I don’t care about that compliance sh*t”
- NIST (in general, I guess beyond just FISMA)
- Red Flag (financial)
- CFATS (?)
- PHIPA, MFIPPA (?)
- EU Data Privacy laws
What does it tell us? What can we hypothesize based on our totally unscientific compliance poll?
- All this talk about PCI DSS impacting security at large is very real – now and likely in the near future. I might argue with Josh about whether the impact is positive or negative – but it is HUGE. It definitely goes way beyond retail and ecommerce.
- ISO27001 came back to life somehow. That’s probably a good thing…
- Not sure what the lesson from ITIL being #3 is – that folks from UK read my blog? :-)
- Finally, I think the people who don’t care about compliance split into two opposite camps: people who don’t EVEN CARE ABOUT COMPLIANCE (much less security), and people who care about security and operational excellence, which gives them compliance [not for free, mind you!]. So, 19% covers both of these camps.