Turning Compliance Into Tangible Security
Compliance and security are supposedly about risk management. Both seek to reduce the chances that threats and their risks will be able to successfully exploit a target. But they are imperceptibly different in a single way that has huge consequences. This article is about how to most efficiently turn compliance into real computer security risk reduction.