A CIO once quipped, "Security isn't hard, compliance is." And in fact many companies focus their security efforts on meeting compliance requirements. But if you are audit compliant, have you in fact addressed all of your risks, or are you just kidding yourself? Is it better to focus on the risks presuming that doing so will cover you off on the compliance side? Network World Editor in Chief put the question to two practitioners, both of whom come down on the side of risk.
- Cisco bug lets anyone login to network as admin with a blank password
- Intel ships new Spectre patches: Kaby Lake and Coffee Lake now, Sandy Bridge next
- As NDB kicks in, be careful of overcompensating for past security inaction
- On the eve of game-changing NDB scheme, 59 percent of businesses still don’t understand it
- Google reveals kernel, Windows 10 security bypasses fixed in February’s Patch Tuesday