Abstract
A threat actor does not care about the law, compliance, regulations, or security best practices. In fact, they hope your organization is lax on many of these specifications and frameworks so that they can exploit that laxity for malicious intent. While regulatory compliance is designed to provide legally binding guidelines for industries and governments, it does not provide the necessary means to stay secure. Compliance does not equal security. Regulatory compliance measures are enforced guidance toward good cybersecurity hygiene, but implementing them without good processes, people, training, and diligence will leave you susceptible to a breach. Therefore, when reviewing leading regulatory compliance initiatives, consider the following:
Copyright information
© 2020 Morey J. Haber
About this chapter
Cite this chapter
Haber, M.J. (2020). Regulatory Compliance. In: Privileged Attack Vectors. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-5914-6_20
DOI: https://doi.org/10.1007/978-1-4842-5914-6_20
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-5913-9
Online ISBN: 978-1-4842-5914-6
eBook Packages: Professional and Applied Computing, Professional and Applied Computing (R0), Apress Access Books