Allan Paller
Allan Paller
audit competing due load partner path resources seems share shortest treat
It seems to me the idea of competing for resources with audit is the shortest path to going away. If you partner with them and share the load and treat audit with due deference, you have a shot. As long as you compete, it won't work.
ceo chance defining eventually executive possibly putting reduce responsibility risk saying simply spends takes
The ISO is going to the CEO saying there's a chance something bad, and possibly something embarrassing, could happen. But how much of a chance, the ISO doesn't know. And if he spends this kind of money, he can reduce the risk but by how much, he doesn't know. It's simply not enough data. Every other C-level executive does better than that and takes on the responsibility for defining the risk. Here, the CISO is putting the responsibility on the CEO. They don't want it, and eventually they won't take it.