December 08, 2009 — CSO —

There is an ever-increasing pressure for security executives to be a champion of compliance within their respective organizations. Given that there seem to be new or changing compliance requirements emerging on a fairly regular basis, this can be viewed as both a blessing and a curse.

As our government acquires increasing financial interests in some private business sectors, this trend may continue to escalate.

The blessing is that in some instances it gives the security function some additional leverage to drive results and deliver greater overall value. The curse is that the regulatory compliance requirements just add to the already voluminous amount of reactionary items that already exist on the security executive's plate. The security function is an area of responsibility that already has far too many variables that cause reactionary behavior if permitted. In some organizations this additional set of variables can be the straw that breaks the camel's back.

Great article from CSO magazine talking about how organizations just chase their tails with the regulatory framework of the month and should instead build a information security framework that is more comprehensive and proactive.