| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 06 Apr 2010 13:31:16 -0500 From: Bert Knabe <bert.knabe@...bockonline.com> To: "Ivan ." <ivanhec@...il.com>, full-disclosure <full-disclosure@...ts.grok.org.uk>, "security-basics@...urityfocus.com" <security-basics@...urityfocus.com> Subject: Re: Compliance Is Wasted Money, Study Finds On 4/6/10 1:23 AM, "Ivan ." <ivanhec@...il.com> wrote: > For those who don't frequent slashdot....... > > "Enterprises are spending huge amounts of money on compliance programs > related to PCI-DSS, HIPAA and other regulations, but those funds may > be misdirected in light of the priorities of most information security > programs, a new study has found. A paper by Forrester Research, > commissioned by Microsoft and RSA, the security division of EMC, found > that even though corporate intellectual property comprises 62 percent > of a given company's data assets, most of the focus of their security > programs is on compliance with various regulations. The study found > that enterprise security managers know what their companies' true data > assets are, but find that their security programs are driven mainly by > compliance, rather than protection (PDF)." > > http://www.rsa.com/products/DLP/ar/10844_5415_The_Value_of_Corporate_Secrets.p > df That's not really a surprise. While it's not the only thing that can cost big bucks or put you out of business, non-compliance is just about the only one that's checked regularly. Bert _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists