When it comes to cybersecurity, much of the discussion and emphasis has shifted from “compliance” to “risk.” So, what is the difference? Compliance is like addition and subtraction – you know the things you memorize, while the risk is more like calculus – the things you have to figure out.
Cybersecurity for computer networks and systems just keeps getting tougher every day. New attack vectors and threats occur by the hundreds on a daily basis. Protecting systems and data requires massive defensive vigilance and action on the part of CISOs, CTOs, CIOs and the personnel that work for them at multiple points in the value chain of serving up information systems services to a needy customer base.
Compliance does not equal risk management. Compliance is the minimum standard that serves as the foundation that can be measured and provide consistency across your information systems. So what comes first – risk or compliance?
In this CyberSecurity TV episode, Brian Hajost, SteelCloud CEO, focuses on the nature of risk vs. compliance and also the different ways we think about them.