Successful information security organizations are often invisible; security is a pervasive but not onerous part of the company culture, process, and technology. Data, people and other important assets are protected, but still dynamic. Does this sound like your company? Probably not … unfortunately, this agile organizational mecca is rare. Too many information security organizations have a philosophy of “risk elimination”, which leads to the proliferation of granular risk measurement process and tools that require significant […]