Security vs. Compliance
By: Peter Gregory and Bruce Lobree

Which would you rather be, Secure or Compliant?

Who we are

Peter H. Gregory, CISA, CRISC, CISSP, DRCE, CCSK
Risk Analyst and Manager
Concur Technologies, Inc.

Peter H. Gregory is the author of over 25 books on security and technology, including Solaris Security, CISSP Guide to Security Essentials and CISA All-In-One Exam Guide. Gregory is a contributor to Software Magazine, the lead instructor for the University of Washington certificate program in information systems security, and on the board of advisers for the UW certificate program in information security and risk management. He is also on the board of directors for the Washington State chapter of InfraGard and a 2008 graduate of the FBI Citizens Academy.

Bruce Lobree, CISSP, CISM, CIPP, ISA
Senior Risk Management Analyst
Nintendo of America

Bruce has worked in the Security industry for over 20 years. His roles have included responsibility for Security programs from the level of individual contributor up to and including Global responsibilities for major institutions at an executive level. His experience includes working in financial institutions, utilities, retail industry and insurance companies. His practical experience includes building security architectures and programs from the ground up for both internal operations, client focused and web based systems. He has coauthored books on CISSP training and written articles for publication in several major journals.

Insert your Security Slides here

Source: Ray Pompon

What standards and auditors require us to do (“compliance”)
What we need to do to be secure (“security”)

Compliance
The Attorney General wants what?