Tuesday, November 11, 2008

Compliance is the fuel for InfoSec initiatives?

The law is a strong whip to crack when you need to get people in line, and the need to comply with the law of the land where you are from and the law of the land where you work increases the stress levels of individuals and organizations.

It is a known fact that IT, IS, Governance and IT Risk Management are always shortchanged in terms of funding. However, it is also known that Compliance requirements are disposed of with no thought of expense. Consider the billions spent on SOX compliance, which could have been saved substantially if these very corporations had a semblance of Security / Governance / Risk Management best practices in place!

But no! They all had to build it all from scratch, and in doing so they spent millions, nay, they spent billions.

Having spent this money, they sat back and waited for the next compliance need, since the 'SOX project' was over. Well, we now see that they did not learn anything from SOXing their corporations, since everything was done just for the sake of doing it and not for the spirit. Else they would have been able to discover the fact that the banking system was rotten within and would not be able to survive another few years.

Dear reader, you know all about Enron and WorldCom. Well, they just screwed a few pension funds and a few thousand employees. They did not bring the financial system to collapse point. They did not bring G-8 and G-x government heads together to pump billions into the system. Their collapse did not bring about a global meltdown. Their collapse did not screw investors worldwide; it did not butcher governments, trade, manufacturing, support, etc.

I think a few thousand billions have already been poured into this black hole and they are still crying for more.

Well, coming back to Compliance: it is time to take advantage of this whip and turn the whiplash into a pat on the back. Time to move ahead of the pack, turn this "requirement" into a strength, and extract a pound for every penny spent.

Welcome to the thought of Unified Compliance or Integrated Compliance or whatever you may call it.

I had made a presentation at ICAI in India, and at iSAFE in Dubai, last month in October. Follow the link to download these, if you are interested.
