Chapter 7. Compliance

For the past few years, the word compliance has been showing up all over the security landscape. Product brochures are filled with buzzwords and promises to help companies comply with the regulation of the day. Although I agree that there is a lot of hype around the topic, the compliance wave has caused some interesting and good progress in the computer security arena. Companies are being forced to invest money in security and compliance. Significant monetary motivations are involved. Noncompliance can result in fines and, in some cases, even time behind bars for company executives.

During the first quarter of 2007, a set of terms—governance, risk, and compliance (GRC)—started showing up. In a lot of cases, it even replaced ...
