---
id: "prereq-compliance-frameworks"
type: "prereq"
source_timestamps: ["§ Compliance Isn't Security"]
tags: ["regulation"]
related: ["concept-compliance-security-conflation"]
reason: "Required to grasp the authors' critique that these regulations are time-intensive but provide marginal operational security value."
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-cl-83-boards-cybersecurity"
sourceUrl: "https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity"
sourceTitle: "Boards Are Falling Short on Cybersecurity"
---
# Familiarity with Cybersecurity Regulations

## Prerequisite

A baseline awareness of the current regulatory environment around cybersecurity — e.g., **SEC disclosure rules, GDPR, and industry-specific mandates** — and the bureaucratic processes (dashboards, attestations, box-checking) they entail.

## Why it matters

Required to grasp the authors' critique that these regulations are **time-intensive but provide marginal operational-security value** — the mechanism at the heart of [[concept-compliance-security-conflation]]. Without knowing what compliance *work* looks like, the reader cannot judge the claim that it is a distraction from resilience.
