Expert: audits not enough

Corporations must do more than just conduct audits to protect against evolving security threats, a security compliance expert warned this week.

Chris Noell, vice president of business development and compliance for Solutionary, said in a statement that forced compliance could actually weaken a company's defense.


"Regulatory compliance can be a useful tool for educating executives about security risks, as well as establishing a minimum standard of care," Noell said. "However, all too often, organizations' compliance strategy consists of passing an audit, not addressing real security deficiencies. Viewing security as an audit event versus an operational discipline risks leaving the organization with a false sense of confidence."

Noell's statement came a week after the annual SANS Top 20 report claimed hackers have shifted strategies towards primarily targeting applications instead of operating and email systems.

Mark Rasch, a founder and former member of the US Justice Department's Computer Crime Unit, said Monday he hasn't yet seen companies responding specifically to the report, but warned that protecting applications is more difficult than looking after hardware.

"The problem with (protecting) applications is that they require a whole different skillset," he said. "In the old days, you could just throw up a firewall and you were done. Now you have to go from the cradle to the grave with software."

www.solutionary.com
www.sans.org

Copyright © SC Magazine, US edition