When it comes to cyber, information, IT (or whatever you choose to prefix it with) security, where do you draw a compliant and cost-effective line? Where, between gold-plated and the status quo, is good enough?
The why, what, how and what next of security policies. Now with a riposte from Phil Huggins who provoked this post and the linked articles by questioning the value of traditional written document sets
With a dramatic increase in cyber security legislation and regulation brewing, how is that relationship with regulators going? Is it positive and productive or divisive and dictatorial?