There is a difference between compliance with a standard and true data security. Compliance is simply meeting a standard at a particular point in time. For some standards, an IT manager need only to go through a checklist, ticking off various tasks. Just because a task is “completed,” however, it doesn’t mean that it was completed correctly or, for that matter, completed at all.
For example, several security standards today require that companies install and maintain a firewall. Some standards are more prescriptive than others to define what needs to be set and how, while other standards simply state that Web applications filters, for example, need to be installed.
Ideally, security decisions will be part of a company’s overall senior management business strategy rather than an IT line item that carries the same weight as whether or not to buy new printers this year. And simply complying with a security standard does not, in and of itself, make a company secure.
Companies should build their security infrastructure to meet the demands of the company’s needs, not just to pass a security or standards audit. For more information on disaster recovery and backup, visit http://www.genie9.com