Podcast: Play in New Window | Download
Subscribe: Apple Podcasts | Google Podcasts | Stitchers |
TechSpective Podcast Episode 103
Security equals compliance. Assuming that’s effective security, at least in theory.
But compliance is not necessarily the same as security.
Qmulos’ VP of Compliance Strategy, Igor Volovich, joins us for this episode to discuss the goals and limitations of our compliance framework and efforts. Some elements of cybersecurity compliance are in the “eyes of the beholder,” so to speak. Volovich shares some great insights on separating data from opinion and the pitfalls of basing compliance on subjective opinions about the environment.
In most cases, even a compliance audit or report is just a snapshot in time. Regardless of how secure or compliant it was at the time the audit was conducted, it doesn’t tell us anything meaningful about its current security or compliance. This is one reason why focusing on passing compliance audits is a poor strategy. A focus on effective cybersecurity means you’re more likely to stay safe in your day-to-day, and as an added bonus, you’re also much more likely to be compliant.
Watch full episodes of discussions on cybersecurity compliance. This includes the accountability tendency of cybersecurity executives to sign off without understanding or validating that compliance audits are accurate.
The podcast itself is audio only, but videos of the conversations are available on YouTube if you prefer.
Ask questions or share your thoughts on the topic in the comments below. Also, subscribe to his TechSpective Podcast from your favorite podcast platform to share the podcast with your peers and friends.
If you enjoy the podcast, please take 2 minutes to rate and review the podcast on iTunes or wherever you listen to it.