Everybody is talking about the cost of non-compliance. But what about the enormous cost of achieving compliance? For many, that cost makes the assurance of being compliant seem hardly worthwhile (think insurance). You wouldn’t pay $20,000/yr. for homeowners insurance that covers up to $100k/yr., especially when the threat of catastrophe seems unlikely.
The bottom line: there are better ways to approach the problem. If you’re laying out every regulation and trying to map some control in your environment to each of the requirements, you’re probably paying way too much in both cost and effort. Simplify by taking a multi-regulatory approach. And (of course) leverage pragmatic solutions that cut costs to achieve the same goal. Spending what amounts to some large percentage of the potential threat cost is not your only option! That’s the idea behind SIMON.