|
|
|
|
|
|
by walrus01
1245 days ago
|
|
|
> Which brings me to the point: Compliance isn't just there to cargocult and boxtick. It's there because, left to their own devices, most organisations/sub-organisations will end up, at pinnacle-best, half-assing security. I have to agree with you because I have seen first hand how many ordinary office workers, if left to their own devices and not given any other tool that they're mandated to use, will happily and blithely do things like store shared credentials/passwords in an Office365 Excel sheet that everyone in the company has access to. It's the role of the infosec people to set up something better and work with the C-levels to ensure that its usage is mandated, and people are not sneakily bypassing its use or sharing credentials for expediency's sake. |
|
|