Richard Bejtlich makes an interesting statement at TaoSecurity. He says that "costs of demonstrating compliance far exceed those of maintaining compliance. This is sad."
Is it, really? I feel this is an important thing to think about, but I am not sure yet that it is indeed sad. You might think you are "doing OK" compliance-wise, but if you cannot prove it, you are in trouble...