Explore the relationship between compliance and security in this 53-minute conference talk from Central Ohio Infosec 2015. Delve into the question of whether compliance equals security, examining high-profile breaches like Anthem and analyzing data breach statistics. Learn about achieving and maintaining compliance with standards such as PCI and HIPAA, including time-based requirements and OCR pilot audits. Examine case studies and the threat of ram scrapers. Gain insights into developing a secure compliance program, covering aspects like the NIF Security Framework, awareness training, sensitive data control, and critical security controls. Discover recommendations for building an effective compliance management program that enhances overall security posture.
Overview
Syllabus
Intro
The obvious question
Does compliance equal security
PCI does not cure stupid
The year of the breach
Anthem
Breach Report
Data Breach Statistics
Breach Statistics
Achieving and Maintaining Compliance
PCI
TimeBased Requirements
PCI Breach Report
HIPAA
OCR pilot audits
Case Study 1
Case Study 2
Ram Scrapers
Recommendations
Program Development
NIF Security Framework
Awareness Training
Sensitive Data Control
Critical Security Controls
Develop a Compliance Management Program
