[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
- To: "Ivan ." <ivanhec@xxxxxxxxx>, full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, "security-basics@xxxxxxxxxxxxxxxxx" <security-basics@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
- From: Bert Knabe <bert.knabe@xxxxxxxxxxxxxxxxx>
- Date: Tue, 06 Apr 2010 13:31:16 -0500
On 4/6/10 1:23 AM, "Ivan ." <ivanhec@xxxxxxxxx> wrote:
> For those who don't frequent slashdot.......
>
> "Enterprises are spending huge amounts of money on compliance programs
> related to PCI-DSS, HIPAA and other regulations, but those funds may
> be misdirected in light of the priorities of most information security
> programs, a new study has found. A paper by Forrester Research,
> commissioned by Microsoft and RSA, the security division of EMC, found
> that even though corporate intellectual property comprises 62 percent
> of a given company's data assets, most of the focus of their security
> programs is on compliance with various regulations. The study found
> that enterprise security managers know what their companies' true data
> assets are, but find that their security programs are driven mainly by
> compliance, rather than protection (PDF)."
>
> http://www.rsa.com/products/DLP/ar/10844_5415_The_Value_of_Corporate_Secrets.p
> df
That's not really a surprise. While it's not the only thing that can cost
big bucks or put you out of business, non-compliance is just about the only
one that's checked regularly.
Bert
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/