Now hear this: You will always have exposure.

No company has the ability to mitigate all risks at all times. No company I’ve ever visited has even had all of its identified risks treated at any given point.

Yet so many companies lead their security strategy with controls. They’ll make sizable investments in security appliances without fully understanding why the appliance is required. They’ll implement their controls without documentation of what the actual risks are and how they’re being treated.

Read the full article published January 11, 2018 here: http://www.securityweek.com/risky-business-part-2-why-you-need-risk-treatment-plan by Security Week.