Wednesday, April 11, 2007

Are You Compliant?! - With What? - Answer The Question, You Idiot!!!

Looks like the compliance frenzy is near its crescendo. Today I saw people ask a question on how to achieve "general" compliance. Not FISMA, HIPAA, PCI DSS, SOX, GLBA, CA1386, Basel, ISO17799, ITIL or COBIT - noooooo. They wanted "general" compliance ... Does it exist? Do pink elephants? :-)


Anonymous said...

There is some crossover from one framework to another.

After you have a good security program using one framework, it's fairly easy to add another one.

But no. My theory is that compliance is an artificial construct that simply does not work the way we want it to in the information security arena.

PaulM said...

Sure, I comply, in a general way, with that which I say I do.

That was easy. Sounds like a smart-ass answer, but...

Dr Anton Chuvakin