The security versus compliance conundrum
In the world of information security, there's one problem that surfaces again and again, regardless of which regulatory standard we discuss: failing to understand the difference between compliance and security. Sometimes organizations think they’re the same thing; sometimes they get so consumed by complicated regulations that they stop focusing on security altogether. Using PCI as an example, the Target breach comes to mind. In what was called an “epic” security breach, upwards of 70 million credit and debit card numbers were stolen in late 2013 from the retail giant, which was validated as PCI-compliant just two months before the breach.