As numerous data compliance laws proliferate across the globe, security professionals have become too focused on checking their requirements boxes when they should be focused on reducing risk. Can the two work harmoniously together?
The answer depends on how effectively IT security leaders can work with their auditors and speak to their boards, say experts. These are their top five recommendations:
1. Focus on data protection
It’s well-known that compliance is about protecting regulated data, while cybersecurity is focused on keeping bad guys out. From a data protection perspective, the key security measure then is to avoid processing or storing regulated data that isn’t needed. If regulated data must be stored, make sure you’re using stronger-than-recommended encryption, says James Morrison, national cybersecurity specialist for Intelisys, the infrastructure support division of payment systems company, ScanSource.
To read this article in full, please click here
