TechSpective Podcast Episode 103
Security equals compliance–at least in theory, assuming it’s effective security.
But compliance doesn’t necessarily equal security.
Igor Volovich, VP of Compliance Strategy at Qmulos, joins me on this episode to talk about the goals and limitations of compliance frameworks and efforts. Some elements of cybersecurity compliance are in the “eye of the beholder,” so to speak. Volovich shares great insight on separating data from opinion, and the pitfalls of basing compliance on subjective opinions about the environment.
Compliance audits or reports, in most cases, are also just a moment-in-time snapshot. Regardless of how secure or compliant you were at the point in time that the audit was conducted, it doesn’t tell you anything meaningful about whether or not you’re secure or compliant right now. It’s part of the reason that focusing on passing compliance audits is a poor strategy. Focusing on effective cybersecurity means you’re more likely to be secure day-to-day, and–as an added bonus–there’s a fair chance you’re also compliant.
Check out the full episode for our discussion of cybersecurity compliance–including trends in accountability for cybersecurity executives who sign off on compliance audits without understanding or validating that they’re accurate.
The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer.
Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.
If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.