Advisory Note: Working to the Business not the Auditors - 70865
Report Details
There can be many reasons to why a business embarks on a journey to improve its Information Security. There is however one reason which consistently recurs: “Because the auditors says that we need to…”
Regulatory requirements include penalties for non-compliance but this often creates a tick-box approach to compliance, rather than a considered, strategic view. Where the bare minimum of cost and effort can be made to avoid a fine, this is often seen as the most beneficial approach for the business. Clearly we need to listen to the auditors, but we neither should let the auditors take over the business transformation and change strategy, nor only rely on auditor requests for moving forward in Information Security. The Auditors should be one of many influencers to our strategy for transformation...
| Date | Title | Price | |
|---|---|---|---|
| May 02, 2014 |
Advisory Note: Working to the Business not the Auditors - 70865There can be many reasons to why a business embarks on a journey to improve its Information Security. There is however one reason which consistently recurs: “Because the auditors says that we need to…” Regulatory requirements include penalties for non-compliance but… |
€995.00 |
Get Access
|
|
|||
Latest Related Reports
Discover KuppingerCole
KuppingerCole Select
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
Blog
Beyond simplistic: Achieving compliance through standards and interoperability
"There is always an easy solution to every problem - neat, plausible, and wrong. (H.L. Mencken) Finally, it's beginning: GDPR gains more and more visibility. Do you also get more and more GDPR-related marketing communication from IAM and security vendors, consulting firms and, ehm, analyst [...]
Latest Insights
Hot Topics
Spotlight
Learn more
Connected Consumer
When dealing with consumers and customers directly the most important asset for any forward-thinking organisation is the data provided and collected for these new type of identities. The appropriate management of consumer identities is of utmost importance. Handing over personal data to a commercial organisation the consumer typically does this with two contrasting expectations. On one hand the consumer wants to benefit from the organisation as a contract partner for goods or services. Customer-facing organizations get into direct contact with their customers today as they are accessing their [...]