Advisory Note: Working to the Business not the Auditors - 70865
Report Details
There can be many reasons to why a business embarks on a journey to improve its Information Security. There is however one reason which consistently recurs: “Because the auditors says that we need to…”
Regulatory requirements include penalties for non-compliance but this often creates a tick-box approach to compliance, rather than a considered, strategic view. Where the bare minimum of cost and effort can be made to avoid a fine, this is often seen as the most beneficial approach for the business. Clearly we need to listen to the auditors, but we neither should let the auditors take over the business transformation and change strategy, nor only rely on auditor requests for moving forward in Information Security. The Auditors should be one of many influencers to our strategy for transformation...
| Date | Title | Price | |
|---|---|---|---|
| May 02, 2014 |
Advisory Note: Working to the Business not the Auditors - 70865There can be many reasons to why a business embarks on a journey to improve its Information Security. There is however one reason which consistently recurs: “Because the auditors says that we need to…” Regulatory requirements include penalties for non-compliance but… |
€995.00
excl. VAT
|
Get Access
|
INVOICE
|
|||
Latest Related Reports
Discover KuppingerCole
KuppingerCole Select
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
Blog
RSA’s 2018 Conference Starts Bi-Polar and Ends with a Minor Breach
It is a world of great turmoil and considerable fear amidst incredible human progress. No wonder the RSA keynotes seemed bi-polar - mixing fear one moment, hope and inspiration the next. RSA opened with a somber act from rapper poet Kevin Olusola to the conference theme: "Now [...]
Latest Insights
Hot Topics
Spotlight
Learn more
Privacy & the European Data Protection Regulation
The EU GDPR (General Data Protection Regulation), becoming effective May 25, 2018, will have a global impact not only on data privacy, but on the interaction between businesses and their customers and consumers. Organizations must not restrict their GDPR initiatives to technical changes in consent management or PII protection, but need to review how they onboard customers and consumers and how to convince these of giving consent, but also review the amount and purposes of PII they collect. The impact of GDPR on businesses will be far bigger than most currently expect. [...]