Erich Winkler (@cybersecerich): "Compliance is not security. You can tick every box on the audit checklist and still be completely vulnerable. Why? Because compliance meets minimum requirements. Security reduces real-world risk. The standards are generic. They don't know your threat landscape. And they don…"

Compliance is not security.

You can tick every box on the audit checklist and still be completely vulnerable.

Why?

Because compliance meets minimum requirements.

Security reduces real-world risk.

The standards are generic. They don't know your threat landscape. And they don't keep up with the speed attackers operate at.

5 more myths like this here.

Decoded Security

6 Myths That Are Killing Corporate Cybersecurity

May 12

5:40 AM