When it comes to information security there are about as many opinions on the subject as there are network hosts in any given organization. Everyone has his own definition of “secure” yet it’s such a difficult thing that cannot truly be quantified. So, when management, auditors, business partners, and customers come asking about how secure your environment is, what do you think of?, what do you say? How do you even define the word? It’s a really tough thing but one thing is for sure it’s different in every situation.
- The information risks have been identified.
- The risks have been prioritized.
- Management is on board with the risks and has allocated the appropriate resources to address them.