Haiku #7 Compliance and security

OWASP, COBIT, NIST

HIPAA, HITRUST, SOX…Controls

Are only the start

Compliance and security are certainly partners, but neither is a complete solution unto itself.

The idea that meeting a HIPAA checklist or a HITRUST checklist is even remotely close to security would be comical if it weren’t so tragic. First, HIPAA is a broad law, and it doesn’t in any way stipulate the tools necessary to comply with its standards. Laws are necessarily flexible. Considering it can take years or even decades to…