Abstract
It is not uncommon for IT executive management to require sufficient time to review and digest the findings of a security or disaster recovery risk assessment or the recommendations of a follow-on remediation plan. This is normal and is to be expected. Security remediation or the institution of a disaster recovery plan is costly and resource intensive. But soon a milestone is passed and the security consultant realizes that by the time any action is to be taken by executive management, the findings of the assessment have decayed and the information from several months ago can no longer serve as the information for decision making today. In some instances, consultants have observed management, prompted by audit findings and resulting hard implementation dates, attempting to suddenly act on assessment findings that are months to years old. Other forms of non-action are to belatedly proceed with the security remediation, only to have the project flounder due to non-support.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.