Cybersecurity teams are subject to a complicated web of compliance and regulatory frameworks.
These aim to ensure organizations implement appropriate security controls… but they present a significant challenge. Each framework has slightly different recommendations and priorities, forcing teams to expend a huge amount of effort to keep track of and enforce their requirements. But that’s not the only problem.
The “Special Snowflake” Approach to Compliance
What makes a compliance framework difficult to implement? While there are several factors, perhaps the most significant is that most frameworks take a descriptive approach—they tell organizations what to achieve but not how to achieve it.
Tony Sager, SVP and Chief Evangelist at The Center for Internet Security (CIS) explains:
“Compliance requirements are what I call cosmic frameworks. They proclaim ‘thou shalt achieve this,’ but aren’t prescriptive about how to do that. It creates an industry of tea leaf readers trying to interpret (Read more...)
This is a Security Bloggers Network syndicated blog from Cimcor Blog authored by Jacqueline von Ogden. Read the original post at: https://www.cimcor.com/blog/number-1-compliance-problem-not-talked-about