We often look to standards compliance as a mark of significant achievement. We demand attestation from our vendors and business partners. From a purely compliance and risk management standpoint, there is some merit to utilizing a standards-based approach. Certifications look good on paper and limit investigations from third parties, but does this approach make us more or less secure?

1. Learn the back story behind the development of security standards designed to improve large populations of industry assets
2. Understand the differences between security and compliance and the implications of confusing the two
3. Learn methods to move beyond the typical security program approaches that yield little to no progress toward their objectives
4. Identify ways to instill a greater purpose into those designing and building critical assets, making the entire security program more effective