Friday, July 29, 2011

Weatherford speaks out on Compliance vs. Security

There's a lot to like in NERC CSO Mark Weatherford's new GovTech column on compliance vs. security in the energy sector, but my favorite part was the final paragraph:
Achieving a high level of security maturity and being compliant within a regulatory environment requires one fundamental component — a strategic vision for security. A strategic plan for achieving both your compliance mission and the overall corporate security goals should be complementary. But that’s a topic for a future column.
"Strategic plan" that melds security and compliance - absolutely yes. Make one or get one if you don't already have one. But "security maturity"? Let's have more on that. Definitely will be keeping an eye open for Mark's future piece.

The full article is HERE. And BTW, if you didn't catch it last month, a much longer and yet brilliant talk was given on this topic by a gentleman from FERC. Go HERE for a link to the SGSB post on it, as well as for the full transcript.

No comments: