A security manager needs a philosophy about how to address security issues, and I find that many elements of mine can be reduced to a few words that almost amount to mantras: “Obey the rule of least privilege,” “A company is only as strong as its weakest link,” “Security is a process, not a point solution” and “Trust but verify.”
This week I added a new mantra: “Compliance does not equal security.”
Source: COMPUTER WORLD