Risk First Mindset in “Security First vs Compliance First” Debate
DOI:
https://doi.org/10.47363/JMCA/2024(3)125
Keywords:
Compliance First, Security First, Risk First Mindset, Risk Management, Striking a Balance in Security vs Compliance
Abstract
The debate over a Security First versus a Compliance First approach has been plaguing the cybersecurity industry, and others, for a while now. Subject matter experts on both sides of the aisle have been debating and trying to make their points heard by the other side, explaining why one approach is better than the other. All of these points are valid and backed with facts and use cases.
However, there is a need for a problem-solving perspective that brings together the positives of both approaches and quashes the negatives associated with each, striking a much-needed balance between the two mindsets.
Seamless collaboration between the various security teams, quarterbacked by the risk management team, will help organizations mature towards a Risk First mindset rather than debating between a Compliance First and/or Security First approach. This article does a deep dive on both the Compliance and Security approaches, listing their positives and negatives, and then steps into the Risk First approach, which brings clarity to the whole organization and aligns everyone, from staff to leadership, on a singular vision of maturing the risk posture.