This article in Information Week by Mathew J. Schwartz is well worth reading. It is time that security came first and compliance second IMHO. Click on the link below and I would love your feedback on the article and my comments.
What Do IMF, Citigroup, And Sony Hacks Share?
Mathew J. Schwartz
“Many organizations have been focusing on complying with regulations, rather than taking a top-down look at what most needs to be secured, security experts say.”
I believe this article by Mathew is right on the money. Compliance does not equal security. It is time for organizations to understand that security is not just some incessant fly they can swat away and then forget until the next time it comes back. Many of these organizations are dealing with data so sensitive that release of it can bring down governments or ruin individual lives.
Security is not once and done. It is an ongoing, layered process that must take into account all current and emerging threats, such as smartphones, iPhones, iPads and droids, all of which come Wi-Fi enabled, meaning they can create bridges into your network even if you have not rolled out wireless.
Information Week also has a great slide show of the ten largest breaches you might find useful: