Menu Close Menu

Menu

Account
Premium

The Root of the Compliance vs Security Paradox Recording

Watch Webinar Recording Download Slides

View original event info

Join us for a friendly debate on why compliance is so misunderstood and the critical role it plays in determining overall security posture.

PLEASE NOTE. Certificates of Completion for CPE credit are not available for viewing of archived webinars. For all OCEG certification holders, viewing of archived webinars will be automatically tracked and recorded in your Certification Dashboard on your Profile on the OCEG site and will count toward OCEG certification CPE requirements only.

We’ve all heard the argument that compliance doesn’t equate to security. It’s rooted in the fact that security leaders must go beyond “checking the compliance box” by broadly examining the risk surface and the various bad actors and threats we encounter. Regulations and frameworks just cannot keep up.

So, no, just being compliant does not make a company secure. But here is where the paradox sets in, without compliance you also cannot be secure. This paradox is created because in discussions peers, pundits and others in the community do not discuss which type of compliance they are referring to when they discuss this topic. In compliance there are actually 3 types! Two little “c” and the BIG C.

Here are the 3:

Regulatory Compliance - really is just another risk as it relates to the potential of being fined for being non compliance

Framework Compliance - This is part of the Big C compliance. Organizations select frameworks that help guide their compliance programs

And finally the BIG C. The C in GRC, the organization’s entire compliance program

Chris and Praj will debate and discuss this “paradox” of compliance vs security and the importance of the BIG C and why without Compliance you also cannot truly be secure. Attendees will be able to apply this understanding to their own programs and how to find the right balance between compliance and security in their organizations.

Learning Objectives:

  • Recognize the difference between compliance and security, and why without compliance, an organization cannot be truly secure
  • Define the different types of compliance that an organization needs to address
  • Identify the right mix between compliance and security in their organizations

Speakers:

  • Chris “Cpat” Patteson, Field Risk Officer, LogicGate
  • Praj Prayag-Deb, Director, Information Risk & Internal Controls, Horizon Media

Related Resources
Back to top
OCEG © 2002 - 2024 OCEG

Terms of Service

Privacy Policy

support@oceg.org

Contact Us

Information & Billing:
+1 (602) 234-9278

Principled Performance, Driving Principled Performance, Putting Principles Into Practice, OCEG, GRC360°, ActiveLearning, EventDay and LeanGRC are registered trademarks of OCEG.

Protector Skillset, Protector Mindset, Protector Code, Lines of Accountability, GRC Professional, GRCP, GRC Fundamentals, GRC Auditor, GRCA, GRC Audit Fundamentals, Data Privacy Fundamentals, Integrated Data Privacy Professional, IDPP, Policy Management Fundamentals, Integrated Policy Management Professional, IPMP, Integrated Audit & Assurance Professional, IAAP, Integrated Governance & Oversight Professional, IGOP, Integrated Strategy & Performance Professional, ISPP, Integrated Risk Management Professional, IRMP, Integrated Decision Management Professional, IDMP, Integrated Compliance & Ethics Professional, ICEP, Integrated Business Continuity Professional, IBCP, Integrated Information Security Professional, IISP are trademarks of OCEG.