Security professionals must toe the delicate line of assessing and responding to legitimate risk and being mindful of an organization's needs. Working in their favor is belief that protecting sensitive data is a fundamental component of any business operation.
Poor implementation planning and a lack of real understanding of compliance requirements doom many companies to compliance project lifecycles of unrealistic expectations, expensive implementations and disappointment in the results.
