Is the juice from security assessments worth the squeeze?
The truth is third-party security assessments take hours to complete and many more to analyze. And, when you consider that an assessment is a self-attested information subject to human error and unintentional oversight, should organizations be making risk management decisions based on questionnaire data?
Debating the topic are:
David Wilson, Director, Compliance Assurance ACI Worldwide
