Illuminating the path: Compliance as the key to security-by-design
The result of these "efforts" is often a slapped-together, ad hoc project that may very well get the job done in the moment, but it doesn't adhere to any sort of best practices, does little to benefit future compliance undertakings, and misses a huge opportunity to bake in security from the start.
As a result, companies lose out on the opportunity to effectively bolster security and security best practices.
Without a dedicated security persona in place, which is often the case in many smaller to medium-sized companies, no one is tasked with ensuring that the new hire is aware of their security responsibilities in relation to the data the company holds.
With SOC 2 or ISO 27001, regardless of whether there is a mature security team in place, the company must establish, and adhere to, an onboarding process as part of its Human Resource Policy and Procedure that clearly outlines how employees must be briefed on their security responsibilities when being onboarded.
Without the backing and encouragement of a solid security team, R&D teams tend to develop without taking security concerns into consideration.
Using compliance frameworks as a guide, it really is possible to establish and uphold a security-by-design methodology and ensure that security best practices are incorporated into all aspects of compliance activities.
News URL
https://www.helpnetsecurity.com/2021/11/17/compliance-security-by-design/