Early in August I commented on the implications of a US district court’s judgement that Microsoft had to turn over e-mail belonging to alleged UK nationals whose e-mail was stored in a data center in Ireland. At the time of the judgement the judge stayed the ruling pending Microsoft’s appeal. This appears to have been a procedural mistake.… Continue reading Current Event: International Man of Privacy
I read and hear the term “compliance” used liberally in infosec, often without a clear context. The graphic above is intended to illustrate some of the business drivers: statutory laws, regulatory agencies (e.g. HHS enforcing HIPAA), industry-imposed requirements (e.g. PCI DSS), and customers’ and shareholders’ expectations (some of which are legally and contractually required). These plus other… Continue reading What is Compliance?
Compliance is about auditable business processes related to meeting legal, regulatory & contractual requirements. Infosec is a confluence of strategic & tactical processes & controls with the goal of ensuring the confidentiality, integrity & availability of data & systems. There is overlap, but the two are effectively different and aimed at different needs… Continue reading Compliance versus Security … Coming to Trial?