Keith

@kwm

To call this an unpopular opinion is the understatement of the century. But it can be true, 💯.

Introducing a compliance framework atop functioning secops + risk mgmt will mean minimal net new work for those teams.

And the framework + audit make it more measurable, consistent. https://x.com/caseyjohnellis/status/1700203917274132718

9/8/2023, 1:06:37 PM

Favs: 7

Retweets: 0

Keith

@kwm

The "compliance != security" mantra makes sense when a compliance framework is thrust upon an immature security and/or risk program with the expectation that it'll result in security.

Will it probably make the org *better*? Sure. But relative to a terrible state, still unsafe.

9/8/2023, 1:15:19 PM

Favs: 0

Retweets: 0