Compliance vs Risk: Aligning Priorities & Prioritizing Threats
Compliance is a fundamental pillar of effective risk management at any company. However, simply complying with laws and regulations without considering the broader threat landscape can result in disaster. A balance between compliance and risk is necessary, and treating compliance as an organization's starting point, not the endgame, should be a priority. That is easier said than done, as the way most information security professionals measure risk today fails to quantify threats in terms the business can understand and use.