Agile companies do things faster. When you think about agile regarding lean startup model, you focus on quick wins, ruthless prioritization, external focus, and continuous improvement. At its core, agile development relies on continuous testing leading to continuous improvement. In cybersecurity, continuous monitoring enables an agile continuous compliance stance.

The first step to cybersecurity compliance lies in creating controls. Nearly every standard or regulation requires you to establish policies, procedures, and protocols. However, the adage holds: “actions speak louder than words.” Ensuring that everyone within the organization complies with policies and procedures can sometimes be a more formidable process than creating them.

While automated tools often enable your compliance management system (CMS), the CMS is less a technology and more a corporate compliance program. A compliance management system looks like a series of policies, procedures, and processes governing all compliance efforts. However, as more companies embed technology across the enterprise and more compliance requirements focus on cybersecurity, information security integrates across the CMS.

Let’s get one thing out there from the get-go. Being a Bulletproof consultant is awesome. I haven’t been coerced to say that. I mean, let’s start with that brand name. How cool is it to say I work for Bulletproof? I have several T-shirts with the logo emblazoned across the chest. Sometimes, I even wear them on a non-work day.

The recent hack on British Airways is alarming to say the least, and it’s not just because roughly 380,000 payment cards were compromised. British Airways is a huge company earning millions each year. These sorts of companies are heavily regulated and are required to be Level 1 PCI complaint (the highest level of compliance).

We recently discussed data security requirements for federal contractors and now we are doing a deeper dive into one of the trickier compliance factors: reporting cyber incidents.