For me, I think we've all known this since NIST stood up the Computer Security Resource Center in the early 90's.
My desktop "short list of things to fix" has thirty-two major topics on it, 50% people and process, 50% web services and plain old security "POS".
The one thing they all have in common is the ROI & ENTROPY Impact: little or no cost, high risk because of internal change requirements, high ROI. If it was easy, anyone could do it.
We are all in this together.
DHS asks for YOUR help
No comments:
Post a Comment