Compliance is one of the most challenging sets of responsibilities for any campus. The limitation of regulations (e.g., PCI DSS, HIPAA, GDPR) is that they distill security into a static set of requirements, which focuses attention on compliance and leads to a false sense of security, while hackers aren't restricted to rigidly defined methods.
Outcomes:
* Discern the difference between compliance and security
* Understand that regulations are a minimum set of processes and controls, a starting point toward a security program
* Realize that nothing precludes organizations from implementing more stringent processes and controls than those defined in regulations
Presenters
Andrea Childress
CIO and Assistant Vice President for Information T, University of Nebraska at Kearney