There are several information security standards in the marketplace that are designed to assist information technology security (ITS) practitioners in protecting their organisation’s information and systems.
I argue, and have done for many years, that they actually do quite the opposite. They confuse practitioners and do not work towards the (assumed) goal of improving information security.
In this month’s guest blog for CSO I detail how relying on the generalised solutions suggested by these standards may leave your business exposed to risk that could have been avoided with more practical and specific guidance. In Part 2, we will look at privacy and risk standards and what you can do to make sure you achieve better security outcomes.