Not having a security architecture
It seems like we read about an IT security infraction just about every day. This ought to be somewhat surprising, given the large amounts of emphasis placed on security over the past 25 years as measured by industry research, investments, resources, equipment, training, courses, certifications and books dedicated to the topic.
The problem is that most companies lack a comprehensive architectural framework for the uniform and organized treatment of all aspects of IT security.
[ Read more ]