Join us for a friendly debate on why compliance is so misunderstood and the critical role it plays in determining overall security posture.
PLEASE NOTE. Certificates of Completion for CPE credit are not available for viewing of archived webinars. For all OCEG certification holders, viewing of archived webinars will be automatically tracked and recorded in your Certification Dashboard on your Profile on the OCEG site and will count toward OCEG certification CPE requirements only.
We’ve all heard the argument that compliance doesn’t equate to security. It’s rooted in the fact that security leaders must go beyond “checking the compliance box” by broadly examining the risk surface and the various bad actors and threats we encounter. Regulations and frameworks just cannot keep up.
So, no, just being compliant does not make a company secure. But here is where the paradox sets in, without compliance you also cannot be secure. This paradox is created because in discussions peers, pundits and others in the community do not discuss which type of compliance they are referring to when they discuss this topic. In compliance there are actually 3 types! Two little “c” and the BIG C.
Here are the 3:
Regulatory Compliance - really is just another risk as it relates to the potential of being fined for being non compliance
Framework Compliance - This is part of the Big C compliance. Organizations select frameworks that help guide their compliance programs
And finally the BIG C. The C in GRC, the organization’s entire compliance program
Chris and Praj will debate and discuss this “paradox” of compliance vs security and the importance of the BIG C and why without Compliance you also cannot truly be secure. Attendees will be able to apply this understanding to their own programs and how to find the right balance between compliance and security in their organizations.
Recognize the difference between compliance and security, and why without compliance, an organization cannot be truly secure
Define the different types of compliance that an organization needs to address
Identify the right mix between compliance and security in their organizations
Chris “Cpat” Patteson, Field Risk Officer, LogicGate
Praj Prayag-Deb, Director, Information Risk & Internal Controls, Horizon Media