2. commence compliance testing of KPIs (from metrics in endorsed security standards)
3. no-one is compliant with standards, umm, oooer
4. put KPIs into KPXs and into KRXs and into KRIs
4. Surprise, surprise, the Key Risks and fixes are pretty much what you expect: user access management, secure configuration of infrastructure, secure application development processes
5. present shocking KRIs to executive, along with plan of activities to improve KRIs, include dates by which KRIs will improve and cost/effort estimates
6. Cajole and Educate executive
7. Budget approved!
8. Drink beer