Security and privacy assessments were once a “check the box” annual activity, but that’s no longer the case. Although these compliance processes can seem like a burden at times, organizations can benefit from them and communicate to their customers what they’ve done and the impact it has on them.
Seeing as the security and risk department is tasked with so much, it’s important to tap into the right governance, risk, and compliance tools to help with the workload, says Doug Barbin, principal at Schellman & Company, a top 100 CPA firm that specializes in cybersecurity and IT audit certifications and assessments. He’s familiar with the growing responsibilities the modern-day security professional faces, and how compliance doesn’t lighten the load.
“In security you’re tasked with the impossible…keeping up with changes and technology, keeping up with changes with what the threat actors are doing and what the bad guys are trying to do, and now you’ve got compliance on top of it which adds an additional level of complexity,” Barbin told InfoSec Insider during a recent interview shot at the InfoSec World Conference & Expo.
In the full video interview below, Barbin discusses the challenges that security professionals face when it comes to security and privacy assessments, and offers tips on which assessments deliver the most return on investment.