The Root of the Compliance vs Security Paradox


Join us for a friendly debate on why compliance is so misunderstood and the critical role it plays in determining overall security posture.

We’ve all heard the argument that compliance doesn’t equate to security. It’s rooted in the fact that security leaders must go beyond “checking the compliance box” by broadly examining the risk surface and the various bad actors and threats we encounter. Regulations and frameworks just cannot keep up.

So, no, just being compliant does not make a company secure. But here is where the paradox sets in: without compliance you also cannot be secure. The paradox arises because peers, pundits and others in the community rarely say which type of compliance they mean when they discuss this topic. In compliance there are actually three types: two little “c”s and the BIG C.

Here are the three:

  • Regulatory Compliance - really just another risk, namely the potential of being fined for non-compliance
  • Framework Compliance - part of the Big C compliance; organizations select frameworks that help guide their compliance programs
  • And finally the BIG C - the C in GRC, the organization’s entire compliance program

Chris (Cpat) Patteson, GRC Expert, and Praj Prayag-Deb, Director, Information Risk & Internal Controls at Horizon Media, debated this “paradox” of compliance vs security, the importance of the BIG C, and why without Compliance you also cannot truly be secure. Tune in for tips on finding the right balance between compliance and security in your organization.

Watch Webinar On Demand