Don’t rely only on checkboxes to insure security. That’s been the warning of security “evangelists” for some time, notes Risk Management Monitor, and it’s wise never to forget the advice. “They warn that if you focus too much on the list of requirements, you’re bound to miss risks that may not actually be covered in rules and regulations.”
Reality is ever-changing. A ComputerWorld article referenced by RM Monitor notes that “just 17 percent of organizations have what they consider a mature risk management program–i.e. one that goes beyond ticking off items on an audit list. (And that, we’d note, likely goes not only for computers, but for operations in general.) So get out there, look around and do some dire imagining. Your facility will be safer for it.