Re: Compliance Is Wasted Money, Study Finds

[Bert Knabe <bert.knabe () lubbockonline com>]

On 4/6/10 1:23 AM, "Ivan ." <ivanhec () gmail com> wrote:

> For those who don't frequent slashdot.......
>
> "Enterprises are spending huge amounts of money on compliance programs
> related to PCI-DSS, HIPAA and other regulations, but those funds may
> be misdirected in light of the priorities of most information security
> programs, a new study has found. A paper by Forrester Research,
> commissioned by Microsoft and RSA, the security division of EMC, found
> that even though corporate intellectual property comprises 62 percent
> of a given company's data assets, most of the focus of their security
> programs is on compliance with various regulations. The study found
> that enterprise security managers know what their companies' true data
> assets are, but find that their security programs are driven mainly by
> compliance, rather than protection (PDF)."
>
> http://www.rsa.com/products/DLP/ar/10844_5415_The_Value_of_Corporate_Secrets.p
> df

That's not really a surprise. While it's not the only thing that can cost
big bucks or put you out of business, non-compliance is just about the only
one that's checked regularly.


Bert

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/