Start-Up Secure

by Chris Castaldo
May 2021
Beginner
160 pages
4h 31m
English
Wiley
Content preview from Start-Up Secure

CHAPTER NINE: Compliance

You have 20 seconds to comply.

– ED-209, Robocop

When a company is required or chooses to be compliant with a specific standard or framework, it is important to understand what compliance means. After completing your first audit, regardless of the standard, and receiving some type of certification or official document, you can feel an overwhelming sense of relief and believe that you are finished. This is not the case. Becoming compliant with a standard can lure you into a false sense of security. Compliance is meant to hold a minimum standard for a sustained period of time. Doing so does not necessarily mean your company is secure.

Nearly all cybersecurity compliance standards and regulations have some form of exception acceptance. It can be time-consuming and costly to achieve a flawless audit, and having zero exceptions may not benefit you or your customers. And just as there are exceptions for audits, there are exceptions to this: depending on your industry, you may need to have a flawless audit. Highly regulated industries like healthcare, finance, and government contractors in some cases have no choice.

It seems today you can't swing an Ethernet cable without hitting a company that must comply with some type of government regulation or industry compliance requirement. While they have the best intentions, the road to a significant data breach is paved with the best intentions. No regulation or industry compliance advisory board will ever be able ...

ISBN: 9781119700739