CyberSecurityTips #27: What happens when we have competing governance requirements?

The short answer: Choose and base your controls on the strictest of the competing requirements.


The longer answer: Make sure to map out your requirements across your assets, data, operations and personnel. As some requirements are very specific towards a certain area of information security, it may be that only parts of your data or operations would need to comply. While there are not that many mappings across jurisdictional areas, it may be worth to start with the likes of Cloud Security Alliance CCM (https://cloudsecurityalliance.org/research/cloud-controls-matrix/)