When Security Controls Give Less Control

Security risks in our organisation are usually risks we want to treat. To achieve this, security professionals turn to implementing so-called controls. This is a word loaded with promise. Of course we want control, especially with the growing amount of cyber uncertainty. But do the techniques we use for controlling risk necessarily result in actual control?

Competent people are needed to reap the benefits of technical controls.

Continue reading “When Security Controls Give Less Control”