Conclusion: Security leaders should approach security frameworks as a challenge to how the organisation secures its information assets. So, security leaders should be able to defend adherence, or variation, from any point on a chosen framework. Variance may be critical for business function, but the security leader needs to know this and be able to articulate it. This is not an argument for non-compliance, but toward a deep understanding of business requirements – and being able to defend this position to internal and external auditors.

Existing Client Login

Please complete all required fields!

This advisory paper is only available to IBRS advisory clients. To find out more about becoming an IBRS advisory client complete the attached form and we will be in touch.

Name^*

Please let us know your name.

Email^*

Please let us know your email address.

Number^*

Please enter a valid phone number

Subscribe to IBRS InTouch for weekly updates outlining content and insights from our advisors Invalid Input

^*

I consent to IBRS collecting my details through this form.

Invalid Input

Invalid Input

Read more ...