While the “3 Lines of Defense” model described by ISACA has demonstrated its efficiency by splitting responsibilities three ways (first, governing and implementing CyberSecurity; second, ensuring its compliance and proper impact on risk management; and third, auditing the proper execution of the first two functions), the need
Continue reading “CyberSecurity Operations and the 3 Lines of Defense model”
Category Archives: Internal Control
Trust does not exclude control!
Control activity is key to ensuring the proper protection of an Information System, on top of prevention and detection activities. Breach Attack Simulation and Bug Bounty are booming.