Risk & Compliance

The risk approach is predictive, and compliance is prescriptive. An organization's approach to risk changes is typically proactive, whereas new compliance requirements can take a reactive approach. The viewpoint of risk is that there are gray areas that can be addressed; however, in the compliance realm, issues are seen in black and white: The adaption to threats in risk is typically fast, and the adaption rate in regulatory agencies is usually slow. Compliance is often seen as a starting point for security, while risk can take on continuous improvement.