If we study to get just good grades; we may or may not learn. However, if we study to learn; we will always get good grades.
The mission of an information security in an organization must be to protect and safeguard the company’s assets like customer information or intellectual properties. Objective of a compliance and risk management in an organization is to measure the success rate of information security team’s mission. If the mission of an information security team becomes to be compliant with regulation and other internal & external governance bodies; the company’s asset may or may not be protected.
Have we ever thought about why we go fast (relatively speaking) in a car? Because, we could and the cars are capable of going in high speed; but if you think deep; the reason why we go fast in car is because we have breaks.
When we go fast and do not have systematic brakes; then it is called extreme sports. We don’t want to run an established organization as an extreme sport. As an organization; we need to go in high speed but we need to have systematic way of controlling the speed with a proven brake system.
Information security, compliance, risk management teams exist in an organization to execute projects & programs faster.