Security auditors in my experience care nothing about the problems of how some measures they deem “best practice” will be implemented. How much administration and infrastructure cost it would entail.
The law of diminishing returns usually applies to IT systems. Protecting against the blatant and obvious security issues is usually easy and inexpensive to do.
Protecting against the esoteric attack methods that some boffins in their labs propose as “possible” is usually completely infeasible in the real world.
-
- Contact us
- About the community
- FAQs
- Terms of service
- © CHOICE 2018