How to embrace risk-based security management in a compliance-driven culture

This lecture was presented at the IEEE ITPC at the Trenton Computer Festival on March 16.

Security and regulatory compliance aren’t the same thing, but they’re often confused. When you’re working in a government, healthcare, or financial environment there’s a tendency to think that if you’re FISMA-compliant or HIPAA-compliant or any other X-compliant, you must have good security.

However, sophisticated risk management and real security don’t have much to do with compliance: you can have great security and still be non-compliant with regulatory requirements, just as you can be fully compliant but not secure. This talk, led by security guru Shahid Shah, covers how to make sure risk-based security management is properly incorporated into compliance-driven cultures.


Shahid N. Shah

March 16, 2013