The InfoSec Blog

Compliance? What Compliance?

Posted by Anton Aylward

Sometimes I wonder why we bother ...

The Securities and Exchange Commission doesn't just enforce the rules
that govern Wall Street. When asked, it often grants individual
companies exemptions from the rules.

Sony backs U.S. ineffective cybersecurity legislation

Posted by Anton Aylward

http://www.vancouversun.com/news/Sony+backs+cybersecurity+legislation/5030033/story.html

"If nothing else, perhaps the frequency, audacity and harmfulness of
these attacks will help encourage Congress to enact new legislation to
make the Internet a safer place for everyone," the Sony executive said.

"By working together to enact meaningful cybersecurity legislation we
can limit the threat posed to us all," he said.

To people like us, IT Audit and InfoSec types, 'controls' come in 3 forms:

  • preventative
  • detective
  • compensatory

It seems that this legislation focuses on the 3rd and not the first.
It might even be seen to discourage the second.
