The Root of the Compliance vs Security Paradox

Sponsored by LogicGate

January 19 - 18:00 until 19:00

(GMT | Greenwich Mean Time)


This event qualifies for 1 CPE credit accredited by GRC Certify if you meet the completion criteria (50 minutes of attendance and answer 100% of polls presented). Credit is automatically tracked to your certifications and recorded on your CPE Transcript.

Join us for a friendly debate on why compliance is so misunderstood and the critical role it plays in determining overall security posture.

We’ve all heard the argument that compliance doesn’t equate to security. It’s rooted in the fact that security leaders must go beyond “checking the compliance box” by broadly examining the risk surface and the various bad actors and threats we encounter. Regulations and frameworks just cannot keep up.

So, no, just being compliant does not make a company secure. But here is where the paradox sets in, without compliance you also cannot be secure. This paradox is created because in discussions peers, pundits and others in the community do not discuss which type of compliance they are referring to when they discuss this topic. In compliance there are actually 3 types! Two little “c” and the BIG C.

Here are the 3:

Regulatory Compliance - really is just another risk as it relates to the potential of being fined for being non compliance

Framework Compliance - This is part of the Big C compliance. Organizations select frameworks that help guide their compliance programs

And finally the BIG C. The C in GRC, the organization’s entire compliance program

Chris and Praj will debate and discuss this “paradox” of compliance vs security and the importance of the BIG C and why without Compliance you also cannot truly be secure. Attendees will be able to apply this understanding to their own programs and how to find the right balance between compliance and security in their organizations.

Learning Objectives:

  • Recognize the difference between compliance and security, and why without compliance, an organization cannot be truly secure
  • Define the different types of compliance that an organization needs to address
  • Identify the right mix between compliance and security in their organizations


  • Chris “Cpat” Patteson, Field Risk Officer, LogicGate
  • Praj Prayag-Deb, Director, Information Risk & Internal Controls, Horizon Media

Additional Information:

Field of Study: Management Services

Prerequisites: None

Advanced Preparation: None

Program Level: Basic

Delivery Method: Group Internet Based

CPE Credit Notice

This is a group internet-based event for NASBA authorized continuing education credit. OCEG webinars are free for anyone to attend, but only Attendees who have an OCEG All Access Pass will receive a Certificate of Completion for the webinar indicating 1 hour of CPE credit.

OCEG is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have the final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: For information regarding administrative issues such as complaints or refunds, please contact OCEG at

Back to top