In our previous episode we referenced not being in business to be compliant. Of course, that doesn't mean that compliance is never important; in some instances, it is critical to maintaining a licence to operate in an industry or market.

Compliance isn’t a mission, a purpose or a goal. Compliance provides some fenceposts, an approach to measurement, and in many cases a degree of reassurance. But is compliance alone sufficient to protect our organisations? How does a compliance led approach compare to a security led approach?

In this episode we discuss compliance and how it relates to information security, whose interests it serves, and the value business driven security can deliver beyond compliance.