by richbell
1222 days ago
Anecdotally, I know of at least one large FI that tells auditors it's doing x, y, and z for security, when in reality their security practices are abysmal. They spend $1MM a year on a vendor product that in theory does x, y, z (though quite badly), install it on a server, and then never think about it again. I've had important projects canceled because executives go 'oh we already have $tool this project is a waste of time'. I demonstrate that $tool hasn't been updated in a decade, has 0 users, and is completely ineffective, and how the project will address these issues. They respond 'oh we already have $tool this project is a waste of time'.