Humans are STILL a Weak Link in Risk Mgmt

Checking today's current events in Feedly, I ran across Bruce Schneier's comments on a social engineering attack that cost Apple roughly $300,000 in products.


What is Compliance?

[Graphic: business drivers behind compliance]

I read and hear the term “compliance” used liberally in infosec, often without a clear context.

The graphic above is intended to illustrate some of the business drivers: statutory laws, regulatory agencies (e.g. GAO's HIPAA), industry-imposed requirements (e.g. PCI DSS), and customers' and shareholders' expectations (some of which are legally or contractually binding).