Expert: audits not enough

Corporations must do more than just conduct audits to protect against evolving security threats, a security compliance expert warned this week.

Chris Noell, vice president of business development and compliance for Solutionary, said in a statement that forced compliance could actually weaken a company's defense.


"Regulatory compliance can be a useful tool for educating executives about security risks, as well as establishing a minimum standard of care," Noell said. "However, all too often, organizations' compliance strategy consists of passing an audit, not addressing real security deficiencies. Viewing security as an audit event versus an operational discipline risks leaving the organization with a false sense of confidence."

Noell's statement came a week after the annual SANS Top 20 report claimed hackers have shifted strategies towards primarily targeting applications instead of operating and email systems.

Mark Rasch, a founder and former member of the US Justice Department's Computer Crime Unit, said Monday he hasn't yet seen companies responding specifically to the report, but warned that protecting applications is more difficult than looking after hardware.

"The problem with (protecting) applications is that they require a whole different skillset," he said. "In the old days, you could just throw up a firewall and you were done. Now you have to go from the cradle to the grave with software."

www.solutionary.com
www.sans.org

Copyright © SC Magazine, US edition