1778686 - Translating Compliance - The importance of Effectively Bridging Technology and Audit Speak

Oct 20, 2021 12:00pm

Compliance means conforming to rules, such as specifications, policies, regulations or standards and laws. As information security professionals, we know that things are not black and white and that controls, however well intended, may break a system or render it unable to perform its business function. But how do we make sure that we understand the true intent behind a control in order to effectively demonstrate compliance? Where engineers are left not understanding a control's intent or unable to effectively explain mitigating controls, auditors have a hard time breaking down the components of a control to make them understandable. Each scenario can lead to false positives and erroneous findings. Let's explore how to effectively translate between technology speak and audit jargon.

Learning Objectives:

  • Define the gaps in understanding that accompany failing controls.
  • List the common pitfalls in effectively communicating a compliance need.
  • Effectively challenge vague and indistinct controls in order to build a stronger control framework.





Ian Mills
11/13/21 4:42 pm

Thank you for the presentation!