Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

Why Is Cyber-Security a Process? This Is Why.

Matt Kelly | March 11, 2015

Several weeks ago I wrote about how compliance and audit executives might approach cyber-security risks, and foremost was the point that “cyber-security” should be about developing a strong process to govern the information you have, rather than a series of tools and defenses you deploy to keep intruders at bay. Today I want to revisit that subject from a different angle: from the perspective of the cyber threat, which is also about developing a strong process to govern the information you have—except that someone else is trying to govern your information, rather than you.

This has been on my mind because I just attended the Institute of Internal Auditors’ national conference in Las Vegas, and as one would expect, cyber-security risks were all over...

Buy this article for $49, or subscribe to Compliance Week for a month at $149 and get unlimited article access for 30 days.