The pressure to keep expenses and resource costs down continues to build. The risk to our business has not disappeared by any stretch of the imagination. There are external, internal, and socially-driven threats, constant changes to how business is conducted, a multitude of technologies available for securing systems and data, various regulations and laws describing how to protect systems and data, and never-ending audits to ensure that some level of action is being taken – all flying at us from every angle at break-neck speeds.

How and where does an organization begin to secure their systems and data? What does success look like; how can it accurately and confidently state that it conducts its business securely? More importantly -- what’s the risk for it not knowing either end of this spectrum?

Read the full article at Computer Technology Review.

Article by: Sean Martin, CISSP