Publication
NSPW 2008
Conference paper
Security compliance: The next frontier in security research
Abstract
Practitioners as well as researchers have repeatedly deplored that IT security research has failed to produce practical solutions to growing security threats. This paper attributes this failure to the fact that IT departments no longer invest in security as an ideal. Rather, money is being spent on technologies that enable compliance with security requirements. Academia has not embraced this shift in perspective and still tries to "sell" security when organizations seek to "buy" compliance. This disconnect has led to research that fails to improve real-world security because it is not embraced in the marketplace. The conclusion drawn in this paper is that academia needs to complement current security research by additional research into security compliance. To encourage more work in this relatively new direction, the paper describes the major compliance research challenges that await solutions. Copyright 2008 ACM.