by shubb 3013 days ago
Isn't this a risk decision based on 'could I defend this against a likely prosecution'?

In that kind of situation, you'll probably end up getting measured against something between 'industry normal practice', and 'industry ideal practice'.

If you don't expect to actually get prosecuted or audited for compliance by a client or whatever, this probably doesn't matter much.

If you do, then you should probably look at whether an infosec consultant would pay for themselves in terms of avoiding fines or winning contracts.