Sorry for the late reply to this. The problem is that many people in the security industry are quite simply fed up of terms such as ROI, assessment this or assessment that. What they require and want is something technical and relevant. Not some long, drawn-out, high-level, CISSP-like document or standard which means little to them. SOX is a wonderful example of this. Ask those who implement these compliance audits. See if they have a grip on exactly what it is that they need to do. Recently wrote an article on SOX compliance and a great many of the readers expressed frustration at the SOX quagmire. There is a place for what you say; however, cold hard information is the currency most desire in the realm of computer security, not more mellifluous terms.
Link to this comment: http://www.securityfocus.com/comments/infocus/1861/598#598