Panel: Compliance does not create cybersecurity

August 25, 2011

via Fierce Government IT

Agency CIOs are consumed with compliance and check boxes rather than focused on cybersecurity and risk management, said an Aug. 23 panel of cybersecurity experts.

“Compliance is my worst nightmare,” said David Stender, associate chief information officer at the Internal Revenue Service. “If you’re really trying to be compliant you’re spending way too much money to achieve that,” he added, while speaking at a MeriTalk event in Washington, D.C.

Real risk management means being prepared for an incident, as well as the impact of that incident on a system, explained Peter Mell, a senior computer scientist at the National Institute of Standards and Technology. “As far as I can tell, I don’t know of anybody that’s doing risk management,” said Mell.
