
Defense in Depth: Is "Compliance Doesn't Equal Security" a Pointless Argument?
Feb 1, 2024

Derek Fisher, Executive Director of Product Security at JPMorgan, discusses the significance of compliance in a security program and the need to go beyond minimum standards. The podcast explores the difference between compliance and security, emphasizing compliance as the minimum viable security. It also highlights the importance of compliance in the banking industry and the collaboration within the security industry. The episode concludes with a mention of sponsor Reveal Security and a discussion about the benefits of LinkedIn.
Compliance Is Minimum Viable Security
- Compliance is the minimum standard that establishes a baseline for safety and legal protection.
- Jeff Belknap explains it as the cost of doing business and a floor set by law or regulators that organizations must meet.
Explain Compliance Value To The Business
- Explain compliance value to the business beyond the security team to avoid the 'we're compliant so we're done' mindset.
- Jeff recommends framing compliance as a minimum and stressing ongoing investment to build customer trust and product competitiveness.
Security Can Be A Product Differentiator
- Compliance can become a product differentiator when companies build security and privacy into their offerings.
- Derek Fisher cites Apple as an example where privacy/security became a selling point rather than just a checkbox.
