In order to improve the overall security of your IT infrastructure, a blog post by Trevor Niblock at ioactive.com suggests some interesting points about compliance, controls and assessing risks. It is important to understand that compliance doesn’t guarantee security but you must validate it. For instance, don’t get lost in a policy framework but instead focus on implementing, and then validating. Test the effectiveness of your plans and work with agencies that are there to assist you with their knowledge and expertise.
Read the full article here - http://blog.ioactive.com/2013/01/energy-security-2013-less-say-more-do.html