Hacker News
by johngalt 1071 days ago
Agree 100% with this and your other comments. These frameworks often create risks by obscuring reality behind procedure, sucking up all the air that would go towards more direct security objectives. Businesses think they are done with cybersecurity because they are done with the checklist. Believing we are safe because a non-technical auditor said so can be a risky spot, especially if that is used to overrule subject matter experts.