hombrent t1_j25vt9r wrote
Reply to comment by discgman in Ohio Supreme Court says insurance policy does not cover ransomware attack on software by homothebrave
If you think that being in compliance means that you can't be hacked, you've never worked in compliance.
Being in compliance just means that you have giant piles of paper with checkboxes that are all checked. None of those checkboxes actually enforce real security.
discgman t1_j260nvg wrote
Actually I’ve been involved in said policies and we had to have actual equipment and software in place
hombrent t1_j266uod wrote
Yeah, but you don't need to configure it well. You just need to document that you have it, and that only authorized people can configure it.
​
Oh yeah. And you need to write a policy that says that you need to have it.
discgman t1_j26h6oa wrote
We also did a security audit paid for by state funding
Viewing a single comment thread. View all comments