There is a growing concern that the fear of meeting section 404 compliance requirements, may cause organizations to over invest in security controls that are not appropriate given the business needs of the organization. This highlights the need to gain a measured and objective view of how technology risk should be managed in the context of organizational risk. Through objective measurement, organizations can make informed decisions that are based upon fact, not opinions or FUD (fear, uncertainty and doubt).
Comments