Skip to main content

To hell with "compliance", If it's not bringing Security on the table !

When the world is about to wake up on handling security consciously, The C-Suite is unable to digest the Return On Investment. Every minute of every hour, Organizations are loosing their precious security employees just because someone somewhere is incapable to use Simple Math to give some numbers to their Bosses. The management is failing to understand or at-least ignoring the fact that security is important to their businesses directly. Gone are those days when repercussions were felt later in time, In contemporary culture the impact are too high and sudden. By the time organizations wake up, They have already had a visible dent on their businesses and values. 

In the last couple of years, when everyone was working to bring security solutions on the table , C-Suite people made the wrong turn and brought "compliance" ! From that day till the next major incident, we are not expecting any turn from the current pathway . No one is sharing their part of energy to push this decision backward and those who are , have not been successful yet. The optimists have assumed or are about to assume the greater good that is destined for them. The pessimist shows their pessimism on both sides. They both are not helping.  

Frankly speaking, Investment in everything and anything that is needed for security has been put under a cap (ceiling) of minimum requirement to comply. This has made it very difficult to implement or even think of a solution which does not have an obvious ROI. This adds up to define corporate strategy which brightens up future of any organization, which in this case isn't that bright ;)

Let's start to end the risk of uncertain and fearful future, lets start to say No to Compliance, lets start to ask for Security. #AskForSecurity #SayNoToCompliance 

Comments

Post a Comment

Popular posts from this blog

M.S in Cyber Law and Information Security(MS-CLIS) at IIIT Allahabad

The course provide an exhaustive blend of Technology and Legal requirement that are often sought after by the concerned industry. MS-CLIS students receives grounding in programming, security auditing, logic and cryptography, in addition to policy and legislative procedures. The education is at par with certifications like CISA, CISM and CISSP. “The knowledge that MS-CLIS students have at the end of the course is the same, as expected of a person holding all these certifications, and more,” says Dr. Abhishek Vaish , the faculty coordinator for placement at IIITA . Well, above is an objective view of the institute and the course, but this is my blog, and i possess the right to write my views and experiences with this course. I joined the course in july 2013 and within a fortnight after joining the course, I found out that i was quite naive before, my  understanding of information security was not holistic. It was a big surprise as i could never have had imagined the enormous d...
2 comments
Read more

Did i miss to assetize Virtual Machines !

Auditee : Hi There ! Welcome, What would you like to have? Tea or Coffee? Auditor: Asset Register ! A comprehensive Asset Register is something which is quintessential for any risk management program. Everything that has to do with risk, follows from here. Information Security Risks are no different that any other type of risks. Having a few people (rarely security pro) building asset register will probably mess up any risk management at the very first stage. It has been seen that people generally miss to address technologically advanced assets (The ones they did not understand a few years ago)  to register in their asset inventory. The most obvious are the virtual machines.  Every day ,Virtual Machines (VM) are being created on the fly as per business requirement, many of them persist for years and many not so much. There are many questions  like: if that particular VM is of some value? Do I need to consider it as valuable at this point of time, whe...
Post a Comment
Read more

Pornography and Laws in India

IT is not illegal to watch adult pornography in India but it is illegal to transmit or publish it. Following is a more precise definition according to Section 67 of the  IT Act :- Whoever  publishes or transmits or cause to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having  regard to all circumstances, to read, see or hear the matter contained or embodied in it, shall be punished . Child Pornography: IT is illegal to create, collects, seeks, browses, downloads, advertises, promotes watch, transmits, material in electronic form which depicts children engaged in sexually explicit actor conduct. What i infer from the IT Act that if you are engaged in child pornography or abuse online directly or indirectly you are committing a crime. I have just given some over view through my understanding of the IT Ac...
Post a Comment
Read more