Compliance is a key driver for deployment of IT security controls, and many organizations are pursuing automation to improve accuracy and lower costs of fulfilling requirements. Automating controls is not just laudable – it's essential for finding and fixing a myriad of vulnerabilities that enable criminals to breach enterprise IT, disrupt electronic business processes, and steal confidential business and customer data. But automation alone is not a panacea for compliance. Organizations must also associate deployment of automated security solutions with common sense operational strategies to ensure success.

At the most basic level, there is no single standardized framework or terminology that explicitly defines what your organization must do for compliance. Instead, there are many frameworks with conflicting requirements. Terminology is often vague or interpreted differently within organizations and between geographic regions. Ambiguity abounds due to lack of a universal philosophy of compliance. A big challenge for security professionals is navigating this ambiguity, especially when financial auditing terms such as Governance, Risk and Compliance (GRC) are loosely applied to IT security solutions. Let the buyer beware! This guide describes seven typical mistakes of IT security compliance and how you can use these lessons to help your organization achieve its compliance goals.