You basically listed all the problems and yet failed to propose any realistic solutions. To think people don't want to use APIs or AI? Of course they do. Is it always feasible and possible to use such integrations? Of course not.
Your observations are also rather shallow, e.g. the EU being the regulatory superpower vs. the lack of standardized federal laws for privacy in the US.
Since the Rainbow Series, MIL-STD-1785, and the IATF, we learned as security pioneers in the public sectors that both static and dynamic elements of the life cycle were required. But those who came after us in the private sectors were not mentored, trained, or apprenticed, and made assumptions that all requirements can be answered with just a static response or process outside of the life cycle. The revolution happened before, just not heard, along with the lessons learned from the Rainbow Series, MIL-STD-1785, or the IATF v3.1.
Love this. And particularly the alphabet soup.
ISO 27001
ISO 27002
ISO 27005
IEC 62443
NIST CSF
NIST SP 800-53
NIST SP 800-171
CIS Controls
COBIT
ITIL
SOC 1
SOC 2
SOC 3
CSA CCM
FISMA
FedRAMP
CMMC
HIPAA Security Rule
GLBA Safeguards Rule
GDPR
ePrivacy Directive
EU Data Governance Act
EU Data Act
CCPA
CPRA
VCDPA
CPA
UCPA
HIPAA Privacy Rule
LGPD
PDPA
POPIA
PIPEDA
APPI
Basel III
CRR
CRD IV
CRD V
Dodd-Frank
SOX
MiFID II
EMIR
PSD2
PSD3
IFRS
COSO
ERM
ICAAP
ILAAP
SR 11-7
DORA
NIS2
Cyber Resilience Act
Digital Markets Act
Digital Services Act
eIDAS
eIDAS 2.0
EU AI Act
NIST AI RMF
ISO/IEC 23894
ISO/IEC 42001
OECD AI Principles
UNESCO AI Ethics
ISO 27017
ISO 27018
CSA STAR
ENS
BSI C5
HITRUST
HITECH
PCI DSS
PCI PIN
PCI P2PE
NERC CIP
IEC 62351
ISO 26262
UNECE R155
UNECE R156
ISO 22301
ISO 22316
ISO 31000
ISO 15489
ISO 37301
ISAE 3402
CSRD
ESRS
TCFD
GRI
SASB
CDP
EU Taxonomy
Excellent post