Most industries are under regulatory pressure, so they take a compliance-driven approach to security to meet minimum requirements.. But compliance requirements are often static and prescriptive, according to security executives..
Source: A Risk-Driven Approach to Security, From Check Boxes to Risk Management Frameworks