IT Security approach: Compliance vs. Risk

Posted by: Julie Grassin || 28 September 2016 at 12:46

Co-written by Margot


The goal of these few lines is to share some simple thoughts on how to handle IT security practices and to compare two approaches: the compliance approach and the risk approach.

For many years, IT security has mostly been handled through compliance checklists, based on market IT security standards (e.g. ISO 27002, COBIT, NIST), specific IT general controls (ITGC), domain-specific best practices or regulations (e.g. Sarbanes-Oxley, PCI-DSS), and internal security policies (derived from the above).

Today, with the threat landscape evolving, the company's IT security exposure increasing and budgets tightly managed, this multi-checklist approach is no longer appropriate, for two practical reasons:


Category: Veille

The bloggers

It was on the occasion of our first participation in the Assises de la Sécurité that we wanted to create a space open to professionals who share our interests.

A space for exchange, then, that gives us the freedom to express our views on risk and security issues but above all, we hope, to gather your informed opinions.
