This compliant/secure challenge is important. Enterprise management wants to believe a clean compliance report indicates success. The CISO can help management understand this challenge is not so straightforward. Compliance is a good thing, but it must not be treated as the only cyberdefense objective. In many ways, a CISO’s measure of success is related to how well the CISO can steer the cybersecurity program so it correlates compliance with actual real-world security. Compliance measures need to support the effectiveness of the security program, rather than simply being a check-the-box
...more
