Today, I have attended IIA's Ottawa training session which focused on Asset Protection and Security( AP & S). Two mantras stuck on my head by the time we were done :
The first is:" AP & S is largely based on trust!"
The second:" Being compliant does not mean being secure "
While I agree with the second, I have trouble with the first!
The examples of trust provided during the session made me more skeptical ( i.e I trust you because A trusts you and I trust A )!
Trust is good, but it is not enough and certainly does not provide security.
Trust, but verify!
Trust.but monitor!
Trust, but don't be naive!
In God we trust, others will be audited!
What do you think?
The first is:" AP & S is largely based on trust!"
The second:" Being compliant does not mean being secure "
While I agree with the second, I have trouble with the first!
The examples of trust provided during the session made me more skeptical ( i.e I trust you because A trusts you and I trust A )!
Trust is good, but it is not enough and certainly does not provide security.
Trust, but verify!
Trust.but monitor!
Trust, but don't be naive!
In God we trust, others will be audited!
What do you think?
No comments:
Post a Comment