IT Auditing Compliance Reports

The Role of the IT Audit in Reducing Security Risk

Generally speaking, IT audits historically focused on identifying shortfalls in regulatory compliance, but without the authority to help select an appropriate mitigation when security shortcomings are discovered. For auditors to achieve any real improvements in reducing security risk, the auditors themselves need a broader mission and better training so that they…

Regulatory Compliance Is Not Security

Security awareness operates on a principle where companies are only willing to fix their problems when they are being fined, or when their lack of security lands them in the newspaper. But, just as memories fade in time, the commitment to security fades quickly when breaches blow over and everyone moves on. Hopefully, more companies will begin to realize that regulatory compliance and IT security are not necessarily the same things.