So, you read a great tip on the internet and think it would improve your security posture. Before you bring that tip to management, it’s wise to determine if it’s allowed by your security compliance requirements or can become an acceptable exception to your compliance templates.
Many of you work for firms that have multiple compliance mandates. The larger and more international your corporation, the bigger the alphabet soup of technology compliance regulations you need to follow: the European Union’s General Data Protection Regulation (GDPR), the American Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), guidance from the National Institute of Standards and Technology (NIST), the Federal Information Security Management Act (FISMA), and the Center for Internet Security (CIS) controls, to name a few.