Most compliance requirements are completely absurd - Help Net Security


Compliance is probably one of the dullest topics in cybersecurity. Let’s be honest, there’s nothing to get excited about because most people view it as a tick-box exercise. It doesn’t matter which compliance regulation you talk about – they all get a collective groan from companies whenever you start talking about it.



The thing is, compliance requirements are often poorly written, vague and confusing. In my opinion, the confusion around compliance comes from the writing, so it’s no surprise companies are struggling, especially when they have to comply with multiple requirements simultaneously.


Poor writing is smothering compliance regulations


Take ISO 27001 as an example. Its goal is to improve a business’ information security management and its process has six parts, which include comm ..
