[j45]

Agreed.. still, assessing security preparedness, risk management is the basis of drumming up sales.

The blind spot of this type of consulting sales is security is ultimately relative to a foundation of technical implementation, not just policy or process alone.

Management who prioritize funding ensuring policies are in place doesn't guarantee the technical security that is put in place is sound.

It's as much a case of knowing more than your customers, but not enough.

Maybe it's a short coming of technologists to not be more prominently be providing this more than accounting firms looking to widen their existing spectrum in the audit/process field.

Still, the question remains, should technical security implementation be designed, overseen and implemented by accounting firms?