Is Compliance Security’s Worst Enemy?


KnowBe4’s Data-Driven Defense Evangelist, Roger Grimes, explains why compliance and security are not aligned, and why compliance actually hurts security.

Regulatory mandates are springing up all over these days. Industry regulations with data privacy provisions, personal data protection laws, and existing mandates tightening up their security requirements are commonplace. But, as Roger Grimes points out in his latest article over at CSO, “compliance isn’t the same as security.”

The art of establishing and maintaining a defense against an adversary that is constantly changing its tactics doesn't exactly jibe with static compliance mandates.

In his article, Grimes brings up five specific ways in which compliance actually hurts security, summarized here:

  • Compliance is about whether or not you’ve met the requirement, whereas security is about whether you’ve actually protected the environment.
  • Compliance requirements are often not weighted toward the security practices that actually stop attacks and breaches.
  • Compliance changes too slowly to have an impact on the shifting threat landscape.
  • Compliance is mandatory and will always trump security, even when the security control would be the better practice.
  • Compliance reporting isn’t representative of whether an organization is actually secure.

Read the full article “5 Ways Compliance Hurts Security” over at CSO online.

Is Managing Your Vendor Risk Taking Up Too Much of Your Time?

You told us you have challenging compliance requirements, and keeping up with risk assessments is a continuous hassle.

Good news!

We are excited to announce we have expanded our new KCM GRC product with the new Vendor Risk Management module.

KCM now includes four modules: Compliance, Policy, Risk and Vendor Risk. Now, you can effectively and efficiently manage risk and compliance within your organization and across your third-party vendors, while gaining insight into gaps within your security program.

The new KCM GRC platform helps you get your audits done in half the time, is easy to use, and is surprisingly affordable. No more: "UGH, is it that time again!"

KCM GRC simplifies the challenges of managing your compliance, risk, and audit projects, enables you to efficiently manage GRC initiatives, and understand at a glance what items need to be addressed.

Get a first look at the new Vendor Risk Management module.

Watch this 8-minute on-demand product demonstration for a first look at the new Vendor Risk Management module. See how you can simplify the challenges of managing your compliance requirements and ease your burden when it’s time for risk assessments and audits.

  • Keep track of third-party vendor compliance requirements, services they provide, and what data they have access to in one centralized repository.
  • Vet, manage, and monitor your third-party vendors’ security risk requirements.
  • Streamline vendor assessments with automated workflows and campaigns.
  • Ensure standard and consistent assessments with pre-built managed vendor assessment templates.

See how you can get audits done in half the time at half the cost!
