“What’s more important? Being compliant or being secure?”🤔 #Informationsecurity and #security professionals often debate this topic. Thorsten Pollert’s answer: “It’s best to be both - they are equally important.” Well said! But what if you can only afford to be one? I recently shared the stage with Alexandros Manakos, #CEO of Apollon Security, to explore this statement. We discussed three key themes and shared real-life stories and examples to highlight the benefits. Our goal: to help others C-Y-A. What does that mean? Challenge - Your - Assumptions regarding Compliance vs Security to obtain the greatest benefits of both.

We had three main themes:

👉🏻 Compliance vs Real security
- Can you be secure and not compliant?
- Can you be compliant and not secure?
- Which of the two is easier and why?

👉🏻 Communication vs Operations
- What is operational readiness?
- What does it take to be secure?
- How can this feed compliance?
- Where are the gaps?

👉🏻 Unity of purpose
- How to bridge the silos: Legal, Technical, Operations, and more…
- How to avoid "compliance fatigue"
- Why you need the right partners to unify the silos

It was an excellent event at HEUKING centered around #DORA and #NIS2 readiness. Why is this important for you? Follow below to know. 👇 https://lnkd.in/eWBC2kvD
Those two are NOT mutually exclusive! 😦 All too often, companies focus on "ticking the boxes" and just doing enough to be compliant or get certified, satisfying the auditors yet NOT really improving their security posture or maturity! ?!? 😲 What's the whole purpose of compliance in the first place ??🤔 They are BOTH of equal importance, yet if I was forced to choose, I'd pick being (more) secure !!!!!!!! 🔐👍 Better to be safe than sorry! 🤷♀️🤷♂️ Happy Friday on top - Stay Vigilant and Keep Safe! 😷
In my opinion, the primary goal should always be security; compliance then simply means doing good things and documenting them. Compliance without real security becomes a mere formality and hinders organizational effectiveness. This leads to processes being ignored and circumvented whenever possible. Great discussion on this topic, and it’s wonderful to see leaders like Michael Beaupre and Alexandros Manakos addressing these crucial themes. Their insights are invaluable in challenging assumptions and aiming for both security and compliance, achieving the greatest benefits. Kudos to them for leading such an impactful event!
Great topic. We certainly see some organisations taking the compliance route to the human factor - tick-box training - which has very limited impact on actual security and risk reduction. If you are going to spend that money, why not actually use it to reduce risk?
Very interesting topic, Michael Beaupre! Looking forward to reading more about CYA regarding Compliance vs Security! 👏
Interesting topic; I believe if one does proper security, one will also be compliant. It is not the case that there are strange and erratic demands in compliance; basically, demonstrate you follow a structured process and be able to demonstrate that…
If it's a question of either security or compliance, then you shouldn't run a business.
Great event, lots of interesting stories about #NIS2 and inspiring examples by Alexandros and you, Michael. 👍🏼 Thank you HEUKING and Hays for this evening. 😊
This is a very good and important question. In my opinion both, as both should enable each other. Unfortunately, nowadays compliance and security are mostly separated in silos. I wish some day we can break the silos. Good security practices should automatically cover compliance, and compliance is more pragmatic and less of a burden.