10/18/2018

October is National Cyber Security Awareness Month. Now in its 15th year, this annual initiative has been focused on creating a “collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online, while increasing the resiliency of the Nation during cyber-threats”.

Each week of the month is dedicated to education around a different security topic. Week two is focused on learning about the risks, the advantages and the differences between compliance and security.

Compliance: A set of controls or framework determined by governmental, non-profit or industry groups that serves as a blueprint for the security of data. The regulatory organizations that govern compliance standards issue them as a minimum bar for security. Enforcement is established through audits or assessments that are either self-administered or coordinated by a third party.

Why is compliance important?

  • Builds and maintains trust with your clients and drives new business
  • Helps define why people should do business with you
  • Helps define how you do business
  • Enhances consistency within your operations, which in turn reduces errors

Security is the collection of administrative processes, and technical and physical controls that safeguard data. Effective security requires threat identification and proactive protections, as well as active monitoring and analysis of the multiple layers of environments.

What security measures are there?

  1. Physical
    1. Access Controls
    2. Video Surveillance
    3. Environmental
  2. Logical
    1. Passwords
    2. Firewalls
    3. Data Encryption
  3. Social Engineering
    1. Awareness
    2. Training
    3. Limited Information

So, why do we need both compliance and security?

Despite their differences, both are essential for processing, hosting and managing sensitive regulated data. You should be:

  • Making security and compliance part of regular operations
  • Making risk assessment an ongoing process, not a once-a-year exercise
  • Regularly reviewing and auditing your internal controls and processes

Security must be your foundation.

Being either secure or compliant doesn’t mean that you are covering both bases. Checking off all your compliance boxes won’t cover all your security needs. To be both secure and compliant you need a holistic approach to security management. If you have an effective security strategy you will, consequently, end up
