December 11, 2016





Generally, there are three different approaches to implementing cybersecurity. Each approach is described briefly below.


Compliance-based: Also known as standards-based security, this approach relies on regulations or standards to determine security implementations. Controls are implemented regardless of their applicability or necessity, which often leads to a “checklist” attitude toward security.


Risk-based: Risk-based security relies on identifying the unique risk a particular organization faces, then designing and implementing security controls to address the portion of that risk that lies above and beyond the entity’s risk tolerance and business needs.


Ad hoc: An ad hoc approach simply implements security with no particular rationale or criteria. Ad hoc implementations may be driven by vendor marketing, or they may reflect insufficient subject matter expertise, knowledge or training when designing and implementing safeguards.


In reality, most organizations with mature security programs use a combination of risk-based and compliance-based approaches. In fact, most standards or regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) or the US Health Insurance Portability and Accountability Act (HIPAA), require risk assessments to drive the particular implementation of the required controls.


Copyright © 2016 - 2020 by Safe Decision Co.