Compliance ≉ Security

there are hundreds of security frameworks out there, all somehow accredited and accepted by industry, all good, but compliance with any of them, or even all of them, says nothing about the state of security, does not affect the state of security, and is not a metric for security.

being compliant is different from being secure. whether through a simple attestation or an intense external audit, complying with a security framework, standard or regulation does not mean the entity, process, product or service is secure.

not all people with a driver's license are good drivers, let alone defensive pro drivers. complying with the FDA's xyz regulation does not mean a food product is good. complying with GDPR or having an ISO 12345:2021 certification does not mean security is guaranteed or that even the basics are met.

in fact, this whole compliance business has turned into something that distracts entities from paying attention to the reality of security. it is simple: the industry is focusing on complying with these things and the pros are busy making these guidelines, so we are distracted from root causes, and vulnerabilities are being generated faster than they are being addressed or mitigated.

the remedy is to approach compliance within your security program and not the other way around. if you are a good driver, you can get a license from an authority anywhere in the world, but if you focused on passing the test and just getting the license, you will soon find yourself not even able to drive in another country, let alone receive a license from them.

all the security frameworks are great; they give the industry something to adhere to, a roadmap for most companies that do not know where to start… but they are far from directing the industry to the right way of security.

Kaveh Mofidi

I find simple solutions for complex problems. While I enjoy working with information security and computers, our challenges extend far beyond securing data. The real task is to discover solutions for unlimited clean energy, drinkable water, and addressing the root causes of hunger, war, and injustice. Our primary goal should be to keep our planet livable; that is the true challenge we face on Earth!
