IT Security approach: Compliance vs. Risk
|
1 min de lecture
co-écrit par Margot
The goal of these few lines is to share some simple thoughts on how to handle IT Security practices and to compare two approaches: the Compliance and the Risk approaches.
Since many years IT security has been mostly handled through compliance checklists, based on market IT security standards (ex. ISO 27002, COBIT, NIST), specific IT general controls (ITGC), domain specific best practices or regulations (ex. Sarbanes Oxley, PCI-DSS), and internal security policies (resulting from previous). (suite…)