Can your organization obtain reasonable cybersecurity? Yes, and here’s how

Buried at the end of this article about implementing recognised security controls and a risk framework (good moves, do both, like this) is the real reason why organisations will do something…:

[…] Something else upper management will like is the support the Critical Security Controls provides during conflict resolution. Lazio and Davis concluded, “Implementing the CIS CSC will show due care in any conflict venue by demonstrating the organization is practicing cyber due diligence, even without a fully minimized risk posture.”

Original article