
(ISC)² Security Congress 2021 - Career Center & Recordings

1778686 - Translating Compliance - The importance of Effectively Bridging Technology and Audit Speak

Oct 20, 2021 11:45am ‐ Oct 20, 2021 1:00pm

Credits: None available.


Compliance means conforming to rules, such as specifications, policies, regulations or standards and laws. As information security professionals, we know that things are not black and white and that controls, however well intended, may break a system or render it unable to perform its business function. But how do we make sure that we understand the true intent behind a control in order to effectively demonstrate compliance? Where engineers are left not understanding a control's intent or unable to effectively explain mitigating controls, auditors have a hard time breaking down the components of a control to make them understandable. Each scenario can lead to false positives and erroneous findings. Let's explore how to effectively translate between technology speak and audit jargon.

Learning Objectives:
  • Define the gaps in understanding that accompany failing controls.
  • List the common pitfalls in effectively communicating a compliance need.
  • Effectively challenge vague and indistinct controls in order to build a stronger control framework.


  • Caroline Saxon, CISSP, CCME, KCP, Director, Information Security Compliance, CoreCivic
Tags: Intermediate


  • 1.25 - CPE


Ian Mills
11/13/21 4:42 pm

Thank you for the presentation!