What is Compliance?

image

I read and hear the term “compliance” used liberally in infosec, often without a clear context.

The graphic above is intended to illustrate some business drivers: statutory laws, regulatory agencies (e.g. GAO’s HIPAA), industry-imposed requirements (e.g. PCI DSS), and customers’ and shareholders’ expectations (some of which are legally and contractually required).

Compliance versus Security … Coming to Trial?

Compliance is about auditable business processes that are related to meeting legal, regulatory & contractual requirements.

Infosec is a confluence of strategic & tactical processes & controls with a goal of ensuring confidentiality, integrity & availability of data & systems.