Here’s a brief excerpt:

Security professionals are governed by many regulatory standards. Whether FISMA, HIPAA, GLBA, SOX or PCI DSS, these standards serve to provide a baseline for implementing and managing security. But the need to comply with these guidelines is not enough to keep enterprises safe. Organizations must go beyond compliance standards to create a stronger security posture. Most of these standards were created well over six years ago, and their purpose was to provide a minimal level of security to protect sensitive information, not an in-depth strategy to address all enterprises risks.

To stay ahead of evolving threats, organizations must take a more proactive approach by developing a security framework specific to their operations. Such a framework should range beyond compliance guidelines to encompass several other basic principles, including defense through diversity, proactive security strategies, addressing layer 8 (users), and defining the framework. In this tip, we’ll review each of those concepts.