How to Improve Cybersecurity Compliance With Real-Time Data and Automation | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Digital enterprises are grappling with an increasing number of compliance requirements and data regulations. There are geographic data privacy standards, varying by country and state, as well as industry-specific compliance regulations to adhere to. As governing bodies continue to issue new cybersecurity compliance frameworks, there is an escalating degree of complexity to manage.

In theory, reaching compliance should equate to improved security, but compliance audits often rely on outdated information and leave gaps exposed — it can be challenging to understand or validate their accuracy. And when a breach occurs, the responsibility often lands on the shoulders of CISOs, who may face termination or forced resignation depending on the exploit’s severity. (This may explain why CISOs are in such short supply these days.)

I recently met with Igor Volovich, VP of Compliance Strategy for cybersecurity compliance firm Qmulos, to learn more about the issues plaguing modern compliance procedures. According to Volovich, most organizations view compliance as just another hurdle, not something that actually helps improve security. Compliance checks are also manual, cumbersome and, surprisingly, rely on a lot of word-of-mouth accounts.

To Volovich, compliance needs data-driven, real-time analysis that is more automated and factual. Below, we’ll analyze the state of many compliance efforts and consider ways to make them run better.

Understanding the State of Compliance

These days, organizations must comply with many types of standards and regulations. Critical infrastructure is constantly a target for bad actors, which has influenced governing bodies, such as the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA), to introduce hardened cybersecurity frameworks.

Businesses also have industry-specific guidelines to follow, such as the Payment Card Industry Data Security Standard (PCI DSS), which describes common threat ..

Support the originator by clicking the read the rest link below.