Assessing risk: Measuring the health of your infosec environment - Help Net Security

The uncomfortable truth is that many organizations are not conducting comprehensive assessments of their information security risk, and those that do aren’t getting much value out of assessment exercises because they simply don’t know how.


Given the massive amounts of data organizations hold, accurately assessing these risks is difficult. So is determining how best to control them once they are identified. Both are especially needed for businesses in highly regulated industries, which can face stiff penalties for security violations.


Most organizations are subject to some regulation, whether over-arching directives like PCI for credit card data, GDPR for personal data about European citizens or the pending CCPA for personal data about California residents, while certain industries may have unique regulati ..
