COVID-19 has upended the status quo of the business world. Businesses are transforming digitally and integrating newer technologies to deliver value to customers. However, digital transformation has also brought unprecedented cyberthreats, and CISO MAG’s latest issue highlights why regulatory compliance is key to addressing these challenges.
A recent survey of North American CISOs found that they are preparing for an average of 3.3 security compliance audits over the next six to 12 months. It is more important than ever for a CISO to ensure their organization is adapting to compliance regulations such as the GDPR and HIPAA.
Cloud security expert and NABCRMP board member AJ Yawn, in “CISOs Must Declare an End to the War between Security and Compliance,” states that cybersecurity audits are too often viewed as “check-the-box” exercises in which auditors are paid to produce a report so that the Board, executives, and interested third parties (customers and vendors) feel good about the perceived security status of the organization. That attitude isn’t acceptable when these assessments are expensive, time-consuming, and extremely important to the bottom line.
Bryan Cline, Chief Research Officer at HITRUST, in his special feature, “Emphasize the Spirit of Compliance Over Simply Checking All the Boxes,” discusses the three levels of compliance maturity. He writes, “The correct solution involves moving beyond the binary state of the letter of compliance and, instead, striving to achieve compliance in a way that meets the intent of the regulations and standards.”
“Cybersecurity is vast, and compliance is a weird beast,” says Chaitanya Kunthe, Co-founder and Chief Operating Officer at Risk Quotient. Kunthe, in his article, “How Organizations Should Adopt Changing Compliance Standards,” talks about combining the Progression Model and Capability Maturity Model into a Hybrid Model to help CISOs understand where their frameworks currently are and how to improve them.
Two further articles round out the theme. “SOC 2 Compliance and Cloud: What You Should Know,” by Narendra Sahoo, Founder and Director of VISTA InfoSec, covers the significance of SOC 2 for cloud service providers, vendors, and the businesses that rely on them. “Innovate Through Uncertainty by Managing Third-Party Risk,” by Alla Valente, Analyst at Forrester, lays out the risk mitigation strategies essential to protecting the value the business creates.
Finally, the Cover Story of the issue, “How to Simplify Security and Compliance in the Cloud,” describes how Google is working to simplify compliance for governments and the public sector in the cloud. It is written by Jeanette Manfra, Director for Government Security and Compliance, Google Cloud Office of the CISO.
We hope you enjoy reading the other articles and interviews in this issue as well.
Get your copy today: https://cisomag.eccouncil.org/magazine/
We also invite you to participate in our year-end Endpoint Security Survey; the results will be shared in our December issue.