Enterprises are spending huge amounts of money on compliance programs related
to PCI-DSS, HIPAA and other regulations, but those funds may be misdirected in
light of the priorities of most information security programs, a new study has


paper by Forrester Research, commissioned by Microsoft and RSA, the security
division of EMC, found that even though corporate intellectual property
comprises 62 percent of a given company's data assets, most of the focus of
their security programs is on compliance with various regulations. The study
found that enterprise security managers know what their companies' true data
assets are, but find that their security programs are driven mainly by
compliance, rather than protection.

