On 4/6/10 1:23 AM, "Ivan ." <ivan...@gmail.com> wrote:
> For those who don't frequent slashdot.......
>
> "Enterprises are spending huge amounts of money on compliance programs
> related to PCI-DSS, HIPAA and other regulations, but those funds may
> be misdirected in light of the priorities of most information security
> programs, a new study has found. A paper by Forrester Research,
> commissioned by Microsoft and RSA, the security division of EMC, found
> that even though corporate intellectual property comprises 62 percent
> of a given company's data assets, most of the focus of their security
> programs is on compliance with various regulations. The study found
> that enterprise security managers know what their companies' true data
> assets are, but find that their security programs are driven mainly by
> compliance, rather than protection (PDF)."
>
> http://www.rsa.com/products/DLP/ar/10844_5415_The_Value_of_Corporate_Secrets.pdf

That's not really a surprise. While it's not the only thing that can cost big bucks or put you out of business, non-compliance is just about the only one that's checked regularly.

Bert

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/