• IT intelligence from a national leader.

  • IT intelligence from a national leader.

  • IT intelligence from a national leader.

Involta Blog

Cyber Security Week 2 - Compliance vs. Security

October is National Cyber Security Awareness Month. Now in its 15th year, this annual initiative has been focused on creating a “collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online, while increasing the resiliency of the Nation during cyber-threats”..

Each week of the month is dedicated to education around a different security topic. Week two is focused on learning about the risks, the advantages and the differences between compliance and security.

Compliance: A set of controls or framework determined by governmental, non-profit or industry groups that serves as a blueprint for the security of data. The regulatory organizations that govern compliance standards issue them as a minimum bar for security. Enforcement is established through audits or assessments that are either self-administered or coordinated by a third party. 

Why is compliance important?

  • Builds and maintains trust with your clients and drives new business
  • Helps define why people should do business with you
  • Helps define how you do business
  • Enhances consistency within your operations which in turn reduces errors

Security is the collection of administrative processes, and technical and physical controls that safeguard data. Effective security requires threat identification and proactive protections, as well as active monitoring and analysis of the multiple layers of environments.

What security measures are there?

  1. Physical
    1. Access Controls
    2. Video Surveillance
    3. Environmental
  2. Logical
    1. Passwords
    2. Firewalls
    3. Data Encryption
  3. Social Engineering
    1. Awareness
    2. Training
    3. Limited Information

So, why do we need both compliance and security?

Despite their differences, both are essential for processing, hosting and managing sensitive regulated data. You should be:

  • Making security and compliance part of regular operations
  • Making risk assessment an ongoing process, not a once-a-year exercise
  • Regularly reviewing and auditing your internal controls and processes 

Security must be your foundation.

Being either secure or compliant doesn’t mean that you are covering both basis. Checking off all your compliancy boxes won’t cover all your security needs. To be both secure and compliant you need a wholistic approach to security management. If you have an effective security strategy you will, consequentially, end up