It’s relatively simple:
- Know what you’ve got
- Understand how it’s at risk
- Do something about it
It’s numbers 2 and 3 that so many people have trouble with. The reality is you cannot secure what you don’t acknowledge. You most certainly cannot secure the big areas when the CIO is actually getting in the way.
Lots of politics and moving parts here. I’m not surprised at all to see these attacks.