You should go beyond identifying Risks. You should actually outline remediation and mitigation plans for each Risk found and set some goals/target dates for when they’ll be resolved. Some progress is better than no progress.
“... is still vulnerable to hackers — in part because gaps they identified five years ago remain...”
https://www.databreaches.net/university-of-baltimore-exposed-student-identity-information-for-more-than-three-years-auditors/
No comments:
Post a Comment