Don’t Let Compliance Drive Your Security Focus

Corporate security initiatives focus too much on the compliance side, according to a recent report.

“The Value of Corporate Secrets,” recently published by RSA/Microsoft/Forrester Research, claims that companies spend close to half of their security budgets on compliance-driven security projects because of regulatory pressures, but that the other kind of data – proprietary secrets – is twice as valuable.

In an article on the Information Security Magazine website, Michael S. Mimoso says, “Compliance-driven security is being forced upon most of you, and it’s an approach that’s totally contrary to what you should be doing.” The custodial losses that compliance focuses on, such as a lost USB stick or smartphone, he says, are mostly accidental. Companies should adopt a more data-centric approach to security to protect their financial forecasts, competitive analysis, proprietary research, source code and other strategic documents.

“Even theft of credit card numbers and other personally identifiable information that could lead to identity theft, which are costly to companies in terms of breach notification mandates,” he says, “aren’t as damaging as the theft of pharmaceutical formulas or engineering blueprints would be.”
