Compliance vs Security

Compliance depends on the type of data a corporation manages and stores, and on which legal standards govern its protection. An organization's primary purpose is to mitigate risk, and that goes beyond threat-intelligence resources. Today, combating cybercrime is important because:

  • Cybercrime can result in massive financial losses for an organization.
  • Cybercrime leads to a loss of consumer confidence, which can affect a company's sales and overall profits.
  • Cybercrime also leads to the theft of an organization's intellectual property.

Compliance is not a security team's top priority or obligation, even though it is a vital business necessity. Security may also require physical controls, for instance controlling who has physical access to the network. Sound security principles and equipment from reputable manufacturers make security easier to achieve than compliance enforcement. Compliance, on the other hand, is interrelated with security and depends on the form the data takes and on the processes that protect it.

Compliance examines a company's security protocols. It takes a snapshot of the company's security posture at a single point in time and compares it to a particular set of procedural guidelines. These criteria come in the form of laws, business rules, or procedures based on best practices. Two common compliance regimes are the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act (SOX).

HIPAA applies to businesses in the health insurance sector. It governs how organizations may handle and protect confidential medical records about customers. HIPAA enforcement ensures that companies that administer this sort of information do so securely.

The Sarbanes-Oxley Act (also called SOX) applies to the management and safeguarding of publicly owned companies' financial information. It determines which records must be retained and ensures they are stored securely. It also regulates the destruction, falsification, and modification of records.

Security, on the other hand, covers three main aspects of a business.

  • Devices
  • Networks
  • Users


A personal computer that connects to the business network could introduce unauthorized code into the network. Clicking on a malicious email attachment can infect the device with rapidly spreading malware. Known phishing threats have recognizable signatures that make them identifiable and avoidable.

Segmenting the network so that workstations, customers, and every institution with network access are isolated from one another limits the spread of malicious software. Antivirus software also helps block attackers from accessing personal information.


Careless users are a serious danger to every business. They do not know when an attack is taking place, and they do not even realize they are facilitating it. Phishing emails now account for 91% of active cyber-attacks.

Security-awareness training helps users avoid careless and risky actions. Education improves security when workers understand the dangers inherent in their everyday use of technology.

Creating a single structure that unites security and compliance is the first step towards mitigating risk in a comprehensive and regulated fashion. A compliance unit would establish systemic controls and cybersecurity training to secure information.

The Enforcement Committee would then verify that these controls are performing as expected. This form of partnership ensures that security measures do not deteriorate and that the necessary documentation and records are available for auditing.

Chris Turn

Chris Turn is the pseudonym of a journalist and writer who has published short stories, essays, and criticism in the Los Angeles Times, the Globe and Mail, the Toronto Star, and the New York Times. Her most recent book, a novel, is The Summoning (HarperCollins Canada, 2014). She lives with her husband in Toronto.
