Recently I was browsing through my linkedin profile and I see lot number of security professionals drawn towards this question:
What comes first Compliance or Security?
I have given a long thought on this question and I asked myself few more questions pertaining to the above question:
1> Can an organisation be secure without a compliance? Answer is reasonably simple yes.
2> does man secures himself or searches for compliance when in wild? obviously Security
on contrary I also asked myself questions to contradict above answers
1> How can an organisation find itself secure without a framework? a compliance is necessary
2> How can a large society function without a framework? yes its necessary.
But again I thought, let's bring it down to basics
1> what would I require to keep my data safe? security
2> how could I say that my data is safe in the current security? a compliance
Aha...so, I believe security must be build before we go for compliance or compliance auditing.
However, from above we can also conclude that security and compliance should complement each other to build a strong security and to strategize spending of limited budget.
What comes first Compliance or Security?
I have given a long thought on this question and I asked myself few more questions pertaining to the above question:
1> Can an organisation be secure without a compliance? Answer is reasonably simple yes.
2> does man secures himself or searches for compliance when in wild? obviously Security
on contrary I also asked myself questions to contradict above answers
1> How can an organisation find itself secure without a framework? a compliance is necessary
2> How can a large society function without a framework? yes its necessary.
But again I thought, let's bring it down to basics
1> what would I require to keep my data safe? security
2> how could I say that my data is safe in the current security? a compliance
Aha...so, I believe security must be build before we go for compliance or compliance auditing.
However, from above we can also conclude that security and compliance should complement each other to build a strong security and to strategize spending of limited budget.