Simply put, compliance is accordance with established guidelines,
specifications, or legislation. For example, software being developed in
compliance with specifications created by some standards body. Big
companies have a chief compliance officer (CCO) to oversee it, so know
the risks if you are not complying.

fooler.


On Mon, Jun 3, 2013 at 8:32 PM, Federico Sevilla III <[email protected]> wrote:

>  In his article which opens the Feb 2013 issue of the *ISACA Journal*,
> Steven Ross tackles this problem quite insightfully. I like how he points
> out that standards which are often referred to as "best practice" are
> really "just okay practice". He points out that ISO/IEC 27001 as it
> currently stands is now more than seven years old and a lot has happened
> since. Further, by the time the updated standard is published this year,
> even that will be out of date as it will cover issues prevalent whilst the
> committee worked on the standard, not those as of its release date.
>
> In my opinion, compliance is a necessary evil and is in many cases an
> excellent first step. At the very least, it raises awareness and puts
> certain critical issues on the table especially at the c-suite. In this
> regard I must respectfully disagree with Zak's view that there are cases
> where you can afford *not* to comply. Whilst from a technical perspective
> I agree that mandating on-access anti-virus on GNU/Linux desktops (today)
> is for the most part useless, using this "technical uselessness" as a
> ticket to throwing out all the benefits of compliance would seem like
> throwing out the baby with the bathwater.
>
> What most people and companies miss is that whilst an excellent and
> necessary first step, compliance is not the end all and be all of it. It's
> surely no silver bullet but is merely the first step of many on a journey
> towards organisational maturity, necessitated by the hyperconnected era of
> The Internet of Things which we've already entered.
>
> Kind regards,
> Jijo
>
> --
> *Federico Sevilla III*, CISM, CISSP, PMP, MACS CP
> Chief Executive Officer
> F S 3 Consulting Inc.
> http://www.fs3.ph
>
>  On 03/06/13 09:45, Tito Mari Francis Escaño wrote:
>
> The author of the thread discussion must be working in an organization
> where strict compliance is a must-have, like financial or credit card
> processing companies. Even MasterCard and VISA require their partners to
> comply with such requirements to be certified and graded accordingly as
> affiliates.
> However, considering Zak's expressed opinion on the matter, compliance is
> not a fail-safe measure against being hacked or defaced online, but it's a
> security blanket to set up an IT infrastructure that in itself is secured to
> some level. Whether it will fail or not is in the hands of the IT staff
> managing that infrastructure. As they say: a fool with a tool is still a
> fool.
> I once worked with a financial organization that was so compliant that working
> was a bore, since I couldn't immediately install or deploy software or changes
> that should be implemented. Last April 2012, they were hacked and sensitive
> information was stolen from them, their IT infrastructure compliance
> notwithstanding.
>
>
> On Wed, May 29, 2013 at 7:11 PM, Zak Elep <[email protected]> wrote:
>
>> On Wed, May 29, 2013 at 7:02 PM, [email protected]
>> <[email protected]> wrote:
>> > You know very well what you posted is personal opinion and won't make sense
>> > to any high grade requirement like sox :-)
>>
>>  Maybe.  Most likely we're just dealing with different cases.  I'm not
>> saying compliance is a bad thing, but there are the cases where you
>> can afford _not_ to comply.
>>
>> --
>> Zak B. Elep  ||  zakame.net
>> 1486 7957 454D E529 E4F1  F75E 5787 B1FD FA53 851D
>>
>
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> http://lists.linux.org.ph/mailman/listinfo/plug
> Searchable Archives: http://archives.free.net.ph
>