Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.


Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

Three Ideas for Compliance, Audit, and Cyber-Security

Matt Kelly | February 8, 2015

Nobody can get enough guidance about cyber-security these days, and the New England Chief Audit Executives group is no exception. I attended  the group’s winter meeting here in Boston last week, and that’s all we talked about for two solid hours. These folks had good ideas galore about managing cyber-security risk, so let me recap the most important ones here.

First, worry more about the process of how information is governed at your business than about the tools you use to protect it. Last week’s discussion started with a panel of audit and IT executives, and every one of them agreed on this point. Tools address one specific risk, and they may do that quite well—but they may also be useless for every other risk. And if your process for governing information is sloppy overall, those other risks will hit you eventually. The tools you have won’t do you much good then.

I always favor analogies from the real world, so try this one: at some point in life you might suffer a...

Read this single article for $49, or click the subscribe button below to review subscription options.

Enjoy unlimited access to thousands of articles, browse five years of digital magazines, qualify for reduced admission to events, and more.