Over the past few years, I’ve led and been involved in many security audits on both sides of the table, which has helped me develop some insights worth sharing. Sometimes these auditing engagements are seen as something to just get through, however, there were a few organisations which really made the most of the exercise and applied the impartial information learned to gain a more accurate understanding of their real risk exposure. After all, that is the primary reason for performing these assurance activities, isn’t it? To ensure the implementation of the most relevant controls, for managing the highest rated risks, occurs within resourcing and budgetary constraints.
Getting practical security information and guidance shouldn’t be so hard. Unfortunately, sometimes it can feel that way. Yes, there may be times when you will need to bring in specialists to assist your business to meet its security needs, but there are many aspects of security which you can choose to do, even on the leanest of budgets.