http://www.theregister.co.uk/2013/05/14/nab_warning_infosec_regulation/
By Richard Chirgwin
The Register
14th May 2013

More prescriptive regulation of the security posture in industry sectors
like banking could have the paradoxical impact of reducing security,
according to Andrew Dell, head of IT security services at the National
Australia Bank.

“We have to become much more agile and proactive – how we look at, how
we react to cybercrime. Our posture is changing from 'observe and
analyse' to 'detect and respond',” Dell told the 2013 Trend Micro Evolve
Security Conference.

Banks themselves need to be agile enough to respond to new threats.
However, worldwide, Dell says governments are taking an increasingly
prescriptive attitude to how important infrastructure is secured. This,
he suggested, creates the risk that a focus on regulatory compliance can
reduce a company's ability to respond to security threats. Dell said too
much focus on defining the detail of the security a bank has to
implement can detract from its ability to respond to new threats.

“Regulation is increasing in its complexity each year, and keeps
becoming increasingly prescriptive,” he said. “Government and regulators
are getting more interested not only in how secure we are, but how we
secure”.
[...]