Should IT leaders incorporate the language of compliance frameworks into their security posture?

People & Leadership Governance, Risk & Compliance

1.4k views1 Upvote2 Comments

Sort by:

VP, Chief Security & Compliance Officer in Software4 years ago

When are we as leaders in the industry going to rise up and have some control over these framework organizations so that they will start recognizing the evidence that I collect and not needle me to death? The evidence has the same intent of the law versus the letter of the law. I've got the evidence there, I just have a different term. For example, instead of my “objective,” it's my “goals.” But it's still there.

Executive Coach / Global Chief Information Officer & CISO in Education4 years ago

Unless there is a massive invasion by aliens to come in and eradicate every lawyer on the planet, you're going to have to close one eye and determine whether or not the language fits and interpretation versus letter of the law. Unless we're mandated by a higher being that says, “Follow this law. This is what this means and there are no deviations,” then we just have to do our best. I've gone through too many others, like HIPAA, HITRUST, PCI, and everything else; I'm going to do my best and the rest has to come after that.

When you're talking about security, it all has to be highly customized and subjective; you cannot have one framework that is perfect for everyone. There are concessions there because you have different requirements, different needs, etc., and we don't have an endless amount of money to spend.

Content you might like

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented

What is a "must have" meeting for you or your team? If you can please share why/what makes it so great - topic, frequency, etc. - I'm looking to brainstorm some fresh opportunities for my group.

As technology leaders, where are you seeing the most challenges or gaps?

Executive Support10%

Projects vs. Operations68%

Building a culture of Security15%

Team Completeness5%

View Results

I'm interested in understanding how your organizations estimate the complexity of digital initiatives, particularly as a basis for applying appropriate project management governance. In other words, how do you assess initiative complexity in order to determine the level or type of governance needed?

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

HashiCorp (Terraform, Vault, Packer, etc.)22%

Cloud infra automation (Ansible, Puppet, Chef, etc.)56%

APM (Datadog, AppD, SignalFX, NewRelic, etc.)10%

Others?10%

View Results