Making regulatory compliance the primary driver for corporate information security projects isn't a good idea.
Using it as a strategy for increasing security investments – common among U.S. companies – could actually weaken enterprise defenses in the long run, according to Ray Wagner, vice-president for information security and privacy research at analyst firm Gartner Inc., based in Stamford, Conn.
But Canadian companies don't seem to be getting caught in the compliance web, according to one enterprise security expert.
One reason for this is regulatory requirements in Canada are not quite as intense as U.S. compliance regulations, such as Sarbanes-Oxley, said Marcus Shields, enterprise product manager for Toronto-based security vendor Soltrus Inc., a Canadian affiliate of VeriSign Inc.
See full Article.
Posts
