[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <C7E0E824.2150C%bert.knabe@lubbockonline.com>
Date: Tue, 06 Apr 2010 13:31:16 -0500
From: Bert Knabe <bert.knabe@...bockonline.com>
To: "Ivan ." <ivanhec@...il.com>,
full-disclosure <full-disclosure@...ts.grok.org.uk>,
"security-basics@...urityfocus.com" <security-basics@...urityfocus.com>
Subject: Re: Compliance Is Wasted Money, Study Finds
On 4/6/10 1:23 AM, "Ivan ." <ivanhec@...il.com> wrote:
> For those who don't frequent slashdot.......
>
> "Enterprises are spending huge amounts of money on compliance programs
> related to PCI-DSS, HIPAA and other regulations, but those funds may
> be misdirected in light of the priorities of most information security
> programs, a new study has found. A paper by Forrester Research,
> commissioned by Microsoft and RSA, the security division of EMC, found
> that even though corporate intellectual property comprises 62 percent
> of a given company's data assets, most of the focus of their security
> programs is on compliance with various regulations. The study found
> that enterprise security managers know what their companies' true data
> assets are, but find that their security programs are driven mainly by
> compliance, rather than protection (PDF)."
>
> http://www.rsa.com/products/DLP/ar/10844_5415_The_Value_of_Corporate_Secrets.p
> df
That's not really a surprise. While it's not the only thing that can cost
big bucks or put you out of business, non-compliance is just about the only
one that's checked regularly.
Bert
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists