Approach to Cybersecurity: Compliance VS Threat

It seems that every day new regulations or standards are being released by various bodies in what is seemingly an endless attempt to provide confidence against the ever-increasing pace of cyber warfare. Two questions come to mind: How effective has compliance been? How do attackers view compliance controls?


Threats come in various forms, but are largely separated by motive, capability and intent. In most cases threat actors will not care about compliance or its controls, and the less sophisticated attacks will be thwarted by such defenses. The interesting point is that more mature threat actors are probably using compliance achievement as part of their reconnaissance, both to understand their target and to exploit areas where compliance controls are not required to attain accreditation. Now that changes the game!

The differences in the approaches can be summarized as:

[Table: compliance vs threat]

Sure, compliance has its place and is required, as it at least lifts security to a minimum level. However, I’d argue organisations really need to mature their view to a threat-based approach to Cybersecurity, and then compliance will naturally come.

