Agustin Carstens (General Manager of the BIS) spoke recently about five key cyber issues for international cooperation. He made the interesting observation that "compliance is not security".

This is not a surprise for those of us in the UK, getting to grips with the cultural shift that SMCR introduces, and bottom-up responsibility. But I'd never thought on it in terms of cyber before. But of course, Mr Carstens is correct.

An organisation needs a "cultural shift", driven by a strong governance framework that learns and evolves, to go beyond compliance. An example of this is a cyber security department's engagement with the other staff in an organisation. Users need to be part of the security of an organisation. To achieve this, organisations need to innovate in how they communicate and engage with staff to make them feel like they are the ones tasked with defending their organisation - not that it is someone else's responsibility to do so on their behalf.
