Sunday, March 11, 2007

Should you stop at complying? Or go on to make money off of compliance??

As I mentioned sometime back - certain companies are having difficulties to get funding for their security and risk initiatives, while some are well funded already. The thing is that off the second lot, only a few use the funding wisely. Its mostly because the second set of companies (of course, fortunate to get funding) set their goals on tactical security and risk initiatives - mainly to comply with internal requirements and/or external regulatory mandates. What they are not realizing is that the funding could be used in a strategic fashion to develop and implement projects that support the organization's risk initiatives and posture. Recommendation: Use the funding wisely... do not stop at compliance. Its only one milestone and there are several others, achieving which, would help your organization in ways unimaginable.

3/11/2007 10:40:00 PM