As a traveling consultant, I visit lots of businesses during the year and examine their security plans. For decades, I’ve secretly scoffed at what they’ve tried to do because it was often too little, too late—and misdirected.

But these days, I run into more and more companies that get it right rather than wrong, with ideas that aren’t broken but instead work. My audits and reports, which used to be 100-plus pages long and contain dozens of critical and high-severity findings, are now a lot shorter. (I sure hope they’ll pay me the same for a much briefer report.)

Why the improvement? It’s been gradual, yet at the same time driven by an increasing sense of urgency. Here are some of the developments that, in my opinion, have led to a significant upturn in effective enterprise security.

Source: Security