You can't secure what you don't acknowledge.℠

Tuesday, September 21, 2010

Just run down the checklist - that's "good enough"

No offense to my auditor friends/colleagues and all the hands-on auditors of the world who DO know their stuff... Here's a new piece I wrote about one of the greatest impediments to reasonable information security in business today:

Why do so many people buy into “checklist” audits?

...goes back to the compliance crutch mentality that my colleague Charles Cresson Wood and I wrote about last year. Time to move on?? Looking at how we treat other things involving risk (automobiles and healthcare come to mind), I suspect we never will.

As the saying goes, good enough hardly ever is.
