Information Security or Regulation Compliance: What's the Best Response?

Tuesday, October 15 | 1:15PM–2:15PM CT | Board 302, Poster Area, Halls F1, F2, Level 3
Session Type: Poster Session
Delivery Format: Poster Session
Compliance is one of the most challenging set of responsibilities for any campus. The limitation of regulations (e.g., PCI DSS, HIPAA, GDPR) is that they distill security into a static set of requirements, focusing concerns on compliance and leading to a false sense of security, while hackers aren't restricted to rigidly defined methods.

Outcomes: Discern the difference between compliance and security * Understand that regulations are a minimum set of processes and controls as a starting point toward a security program * Realize that nothing precludes organizations from implementing more stringent processes and controls than what are defined in regulations


  • Andrea Childress

    CIO and Assistant Vice President for Information T, University of Nebraska at Kearney
  • Ron King