When the auditors come around

摘要

Compliance seemed the dominating topic at this year's recent Infosec World Conference & Expo in Florida. An abundance of confounding issues for information security pros were covered. Unsurprisingly, though, most talks were sprinkled with mentions of conforming to mandates. That's simply because the problem of maintaining compliance with innumerable industry, state and federal rules is a multi-pronged challenge that's bound to get more complex. Moving beyond a theoretical notion of compliance, as most information security practitioners have learned already, involves what is often noted as a holistic approach. But choosing the right morsels to take with them on this dense forest path is no walk in the park. IT security pros might as well slap on a little red riding hood and hope they don't meet up with the big, bad wolf.