Using the Risk Management Process to Effect Change

Over the many years I have been in IT and Security, one item repeatedly comes up. How can a Security Organization effect change when the operations and “regular people” are unwilling to make changes? It is a maddening problem. You know these issues need to be resolved, but the “regular people”, the owners, the customers […]