No offense to my auditor friends/colleagues and all the hands-on auditors of the world who DO know their stuff…Here’s a new piece I wrote about one of the greatest impediments to reasonable information security in business today:
Why do so many people buy into “checklist” audits?
…goes back to the compliance crutch mentality that my colleague Charles Cresson Wood and I wrote about last year. Time to move on?? Looking at how we treat other things involving risk (automobiles and healthcare come to mind) I suspect we never will.
As the saying goes good enough hardly ever is.