As more and more organizations face an ever-expanding number of compliance initiatives, both large and small firms are spending more than ever.

The challenge is to figure out where to begin with compliance efforts and how to estimate the work, cost and risk associated with those efforts. It might seem counterintuitive that organizations are spending more on compliance given the current economic downturn, but one reason is straightforward - these organizations recognize that although being compliant does not always equate to being secure, the end result of compliance is often a more secure, less risky business.

Typically the security holes plugged by being compliant are the ones that would put an organization at risk for breach, direct theft and fines for non-compliance if left unplugged. And while the number of compliance initiatives is growing, it is interesting to note that many of these initiatives tend to call for the same controls.