Compliance is Not Security

Compliance is not equal to security. These are two different beasts although they may have similar objectives. When I was a Big4 consultant, I saw how consulting firms and security vendors gained financial success during the first few years of Sarbanes-Oxley (SOX). Assessment programs were usually based on leading practices on access controls, change management, backups and … [Read more...]