I try to talk to lots of people who are in IT and especially in security. I like to get a feel for what is going on in various organizations with respect to security. I'm curious about who has a grasp on what security really is and who has no clue. I've discovered that there are lots of companies who really have a very limited view of security and who only practice basic security. They do just enough to get by and make the auditors happy. As we all know security is not achieved by being compliant.
At the Andy IT Guy blog.
[ Read more ]