Brutkey

Martin Boller :debian: :tux: :freebsd: :windows: :mastodon:
@itisiboller@infosec.exchange

@krypt3ia@infosec.exchange I do see a move away from any RealSecurity™™ and a move towards check-mark compliance, potentially even accelerated by all the regulatory compliance requirements. While said requirements COULD have been used to improve security posture, they are effectively starving effective measures (and thereby current best practices), further increasing security poverty.

"Compliance-sizing: the act of replacing highly skilled and educated cyber security professionals with auditors.

…Or just overwhelming said professionals with sheer amounts of useless “controls” developed by people with no real understanding of how Threat Actors operate"


SIEM Shady
@CDubbs@infosec.exchange

@itisiboller@infosec.exchange @krypt3ia@infosec.exchange One way I try to wrangle this is I challenge my GRC colleagues to reflect on the question:

"What have I done today to make a threat actor's job more difficult?"

Ian Campbell 🏴🏴
@neurovagrant@masto.deoan.org

@itisiboller@infosec.exchange @krypt3ia@infosec.exchange I think Martin has mostly nailed it here.

The OP is by someone busy trying to convince themselves of an effective move to functional compliance.

Krypt3ia
@krypt3ia@infosec.exchange

@neurovagrant@masto.deoan.org @itisiboller@infosec.exchange Compliance has always been a fuckaround where real actionable security measures are concerned. It's lip service, specifically since most regulations have lacked any teeth whatsoever to penalize those who are not even trying to do the right things (HIPAA etc.)

Krypt3ia
@krypt3ia@infosec.exchange

@neurovagrant@masto.deoan.org @itisiboller@infosec.exchange It's become an ecology of cyber insurance and check box auditing, oops, we lost all your personal data to crims, here's a year of credit monitoring, you'll be fine.
