Audit Checklist Does Not Equal Security
For organizations to develop a mature risk management program, they must go beyond the checklist.
We have always believed that checklists are dangerous in audits, that audits should be based on risk as much as compliance. We believe that risk assessments should determine the controls that mitigate the most risk, and that those are the controls that should be tested in an audit, and that compliance risk should be considered as just one of the many types of risk. This article helps bolster our position.
Compliance does not always equal security. When organizations focus only on passing the audit checklist, they are missing the whole point of having a security system. In order to function, there needs to be a concerted effort to build the resilience of the organization’s IT system. Constantly reacting to one breach after another is not fixing the problem. This is only treating the symptoms. In order to prevent future breaches, organizations must work to get in front of the attackers and bolster their defenses.
The newest Global Information Security Survey showed that out of 9,600 organizations, only 17% possessed a mature risk management program.
Every company needs to understand how much risk they are willing to tolerate and understand the consequences – both long term and short term – of accepting too much IT risk. Integrating security into everyday business operations can be a good first step. The idea is that organizations move away from this idea of checklist compliance to proactively securing their organization.
Original article by George V. Hulme.
Read the full story here.
One Response to “Audit Checklist Does Not Equal Security”
Leave a comment
Some small organizations continue to use customer data to generate initial passwords, Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more
Risk isn’t the only thing to consider when planning a decision tree. Another one of t Read more
While we’re not a news service, we often use current events to comment on trends and Read more