Difference between revisions of "Compliance"
From MgmtWiki
(→Context) |
(→Context) |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
==Context== | ==Context== | ||
| − | Humor from the New Yorker<ref>Ian Frazier, ''Shouts and Murmurs''. | + | Humor from the New Yorker<ref>Ian Frazier, ''Shouts and Murmurs''. (2018-10-22) The New Yorker https://www.newyorker.com/magazine/2018/10/22/ask-the-compliance-expert?mbid=nl_Daily%20101518&CNDID=42580115</ref> |
| − | + | Q: I am pursuing due diligence regarding the accepted best practices having to do with theft. When I’m stealing parts from my neighbor’s car, how do I remain fully compliant and not go outside the bounds of the law? | |
| − | + | A: Let me answer your question with a question: Have you been caught? If not, for all practical purposes you are in compliance. | |
| − | |||
| − | A: Let me answer your question with a question: Have you been caught? If not, for all practical purposes you are in compliance. | ||
==Problems== | ==Problems== | ||
| + | *Compliance is relative. It is best to understand the context in which [[Compliance]] is claimed. | ||
| + | *Health insurer Anthem announced in September 2013 that it had been certified as compliant with the HITRUST Common Security Framework. Then it revealed in February 2015 that it had fallen victim to a breach that exposed data on nearly 79 million individuals. And in a report released last week, federal regulators said the cyberattackers likely began their intrusions in February 2014, about five months after the insurer achieved HITRUST certification. <ref>Marianne Kolbasuk McGee , ''Analysis: Did Anthem's Security 'Certification' Have Value?'' Bank Info Security https://www.bankinfosecurity.com/analysis-did-anthems-security-certification-have-value-a-11634</ref> | ||
==Solutions== | ==Solutions== | ||
| − | + | *For compliance to have any real meaning for users it must be accompanied by an on-going [[Risk Assessment]] by those who are expert in the field. | |
| + | See these wiki pages: | ||
| + | *[[Trust]] | ||
| + | *[[User Trust of a Web Site]] | ||
==References== | ==References== | ||
| − | Merriam Webster 3rd | + | <references /> |
| + | *Merriam Webster 3rd | ||
[[Category:Glossary]] | [[Category:Glossary]] | ||
Latest revision as of 22:08, 11 November 2018
Full Title or Meme
Conformity in fulfilling official requirements.
Context
Humor from the New Yorker[1]
Q: I am pursuing due diligence regarding the accepted best practices having to do with theft. When I’m stealing parts from my neighbor’s car, how do I remain fully compliant and not go outside the bounds of the law? A: Let me answer your question with a question: Have you been caught? If not, for all practical purposes you are in compliance.
Problems
- Compliance is relative. It is best to understand the context in which Compliance is claimed.
- Health insurer Anthem announced in September 2013 that it had been certified as compliant with the HITRUST Common Security Framework. Then it revealed in February 2015 that it had fallen victim to a breach that exposed data on nearly 79 million individuals. And in a report released last week, federal regulators said the cyberattackers likely began their intrusions in February 2014, about five months after the insurer achieved HITRUST certification. [2]
Solutions
- For compliance to have any real meaning for users it must be accompanied by an on-going Risk Assessment by those who are expert in the field.
See these wiki pages:
References
- ↑ Ian Frazier, Shouts and Murmurs. (2018-10-22) The New Yorker https://www.newyorker.com/magazine/2018/10/22/ask-the-compliance-expert?mbid=nl_Daily%20101518&CNDID=42580115
- ↑ Marianne Kolbasuk McGee , Analysis: Did Anthem's Security 'Certification' Have Value? Bank Info Security https://www.bankinfosecurity.com/analysis-did-anthems-security-certification-have-value-a-11634
- Merriam Webster 3rd
