[ISN] Too much infosec regulation undermines security, warns NAB

http://www.theregister.co.uk/2013/05/14/nab_warning_infosec_regulation/

By Richard Chirgwin
The Register
14th May 2013

More prescriptive regulation of the security posture in industry sectors like banking could have the paradoxical impact of reducing security, according to Andrew Dell, head of IT security services at the National Australia Bank.

“We have to become much more agile and proactive – how we look at, how we react to cybercrime. Our posture is changing from ‘observe and analyse’ to ‘detect and respond’,” Dell told the 2013 Trend Micro Evolve Security Conference.

Banks themselves need to be agile enough to respond to new threats. However, worldwide, Dell says governments are taking an increasingly prescriptive attitude to how important infrastructure is secured. This, he suggested, creates the risk that a focus on regulatory compliance can reduce a company’s ability to respond to security threats.

Dell said too much focus on defining the detail of the security a bank has to implement can detract from its ability to respond to new threats.

“Regulation is increasing in its complexity each year, and keeps becoming increasingly prescriptive,” he said. “Government and regulators are getting more interested not only in how secure we are, but how we secure”.

[…]