When you work in IT, security audits are par for the course. Like dental check-ups, they’re generally a good idea, but can still be painful (and expensive). They help uncover issues that need fixing, and raise senior exec visibility.

There is however a dark underbelly to security audits – they can drive counterproductive behaviours leading to unintended and undesirable outcomes.

Wouldn’t it be ironic if remediating a security audit item made your organisation less secure…? Continue reading →