• Just run down the checklist – that’s “good enough”

    21 Sep 2010

    No offense to my auditor friends/colleagues and all the hands-on auditors of the world who DO know their stuff… Here’s a new piece I wrote about one of the greatest impediments to reasonable information security in business today:

    Why do so many people buy into “checklist” audits?

    …goes back to the compliance crutch mentality that my colleague Charles Cresson Wood and I wrote about last year. Time to move on?? Looking at how we treat other things involving risk (automobiles and healthcare come to mind), I suspect we never will.

    As the saying goes, good enough hardly ever is.