
RSA’s Art Coviello warns of the perils of IT security regulations
November 5, 2008

Posted by separkin in News.

A Computer Weekly article discusses comments made by RSA’s Art Coviello during the RSA Europe Conference 2008. Discussion focuses on Coviello’s view that an urgency to comply with industry regulations is distracting security practitioners from those security projects which may serve the ambitions of the organisation. As the article puts it, “regulation has to be focused on an intended result and not on a prescriptive list of controls”.
These comments highlight the need to approach the implementation of industry regulations on a per-organisation basis, so as to benefit an organisation in its pursuit of specific productivity targets without putting unnecessary barriers in the path of the activities that ultimately contribute to those targets. Furthermore, a reasoned and transparent consideration at board level of how regulatory compliance should be approached would help to clarify instances where resources are being diverted away from security projects towards compliance procedures.
