In this episode of GRC & Me, Megan Phee teams up again with Razorthorn's Managing Director and Principal Security Consultant, James (Jim) Rees; the first part of their discussion is on Razorthorn's podcast. In this episode, they discuss the ever-changing complexities of compliance, why regulatory models demand consistency, and some quick wins for information security officers.
In this episode you’ll hear about:
- How the Payment Card Industry Data Security Standard (PCI DSS) was born out of credit card companies not taking security seriously and needing a common baseline standard.
- Why compliance is only getting more complex: it never relaxes, because most models require consistent, ongoing activities and reporting rather than a one-off assessment.
- How GRC is becoming an important part of managing security programs, and how a large chunk of that is now driven by the need for compliance.
- Some of the things to consider when starting your InfoSec journey:
  - Understand the business: what it does, how it generates revenue, and what its critical assets are.
  - Get a complete technical and business rundown of the organization, and understand how your defense in depth is built in both technical and governance terms.
  - Tracking doesn't have to be done manually. Invest in a GRC platform that keeps all of your data in one place so you can easily track it and refer back to it.
Make sure to check out the full podcast episode and hear all of Jim’s quick wins here: