There’s been a recent thread on LinkedIn I thought was interesting on the topic of what we should stop doing. I once had a CISO that came into the role – he was made aware that over 100 reports were being run on a monthly basis for the business. He asked what they were for and didn’t get a satisfactory response. He ordered IT Security to stop producing them. He received 2 emails complaining about it.
Previous post: Decision Trees