hombrent
hombrent t1_j25vt9r wrote
Reply to comment by discgman in Ohio Supreme Court says insurance policy does not cover ransomware attack on software by homothebrave
If you think that being in compliance means that you can't be hacked, you've never worked in compliance.
Being in compliance just means that you have giant piles of paper with checkboxes that are all checked. None of those checkboxes actually enforce real security.
hombrent t1_j266uod wrote
Reply to comment by discgman in Ohio Supreme Court says insurance policy does not cover ransomware attack on software by homothebrave
Yeah, but you don't need to configure it well. You just need to document that you have it, and that only authorized people can configure it.
​
Oh yeah. And you need to write a policy that says that you need to have it.