When you work in IT, security audits are par for the course. Like dental check-ups, they’re generally a good idea, but can still be painful (and expensive). They help uncover issues that need fixing, and raise senior exec visibility.
There is however a dark underbelly to security audits – they can drive counterproductive behaviours leading to unintended and undesirable outcomes.
Wouldn’t it be ironic if remediating a security audit item made your organisation less secure…? Continue reading