by infosecdude64 2580 days ago
It depends on the industry and their regulatory obligations as well as their risk tolerance. Defense and Finance should have a 3-strikes rule for the specific roles within their orgs that produce the greatest risk. Healthcare would be next up and may or may not benefit from a 3-strikes rule.

I think a better question would be: is Sr. Leadership supporting the security and risk mgmt teams in developing proper training, as well as implementing and spending the money on the proper controls, to help reduce the risk to the end user of being spear phished?