I often open a keynote presentation by noting that organizations are undergoing a fundamental shift in security strategy – moving from compliance focused, to a risk based approach. That’s still ongoing, even for large and sophisticated organizations there is still a gravity towards ‘doing it for the audit’, rather than ‘doing it because there’s risk’. […]
Tag Archives | program
I regularly get asked by new CISOs for information – benchmarks – on how much organizations like theirs should spend on security. That’s a deceptively simple question, and while there’s plenty of surveys that you can reference, none of them provide more than a rough starting point – there’s just too many variables.