Think Information. Think Security.
 
Picture
Like most clients, they claimed a number of reasons to postpone this work:  cash flow, timing, budget restrictions, pending new projects, disruption to other projects, and the time required by management and staff.

Sounding sincere to address these compliance and security issues, yet  despite of claiming to believe compliance and security work is important, clients usually minimize their concerns about risk. After all, they say, as they’ve grown their business, the risks have never materialized, and they really need to put their cash into the growth of the business.

As a business owner, there are times you must make risky decisions, However, these risky decisions should be made with a sincere evaluation and acceptance of the risks, not by turning a convenient blind-eye and manufacturing emotional justification.

Too many leaders become overwhelmed by the size of the risks they have created, or allowed to be created, over time. When these issues become obvious, the most common response is to push all these risks into the back of a dark closet where they can be ignored, where they can be put out of sight and out of mind. 

If a problem develops from these ignored compliance and security risks, it will be the business that pays the cost, whether it be cash, distraction, reputation, and, perhaps even, sanctions. Perhaps some risks are worth taking, but in most cases there are leaders acknowledge the true risks and actual consequences. Apparently ignorance is bliss even when the ignorance is by choice.

Cross-posted from: Security Dark Reading



Leave a Reply.