|
|
|
|
|
|
by xenity7
3186 days ago
|
|
|
There are different types of consulting services - you could assess many parts of someone's cyber security preparedness without knowing technical details about security, as weird as that sounds. Does management make it a priority?
Is there appropriate funding?
Are the correct policies in place? And so on. Of course, if you ignore th and technical details you will have very serious issues. That said, you shouldn't send a super technical security expert to interview executives about their culture around cyber - the expert will find it boring/beneath them, the execs won't like the expert... etc |
|
|
The blind spot of this type of consulting sales is security is ultimately relative to a foundation of technical implementation, not just policy or process alone.
Management who prioritize funding ensuring policies are in place doesn't guarantee the technical security that is put in place is sound.
It's as much a case of knowing more than your customers, but not enough.
Maybe it's a short coming of technologists to not be more prominently be providing this more than accounting firms looking to widen their existing spectrum in the audit/process field.
Still, the question remains, should technical security implementation be designed, overseen and implemented by accounting firms?