[LINK] DNS outage?

[Martin Barry]

$quoted_author = "Marghanita da Cruz" ;
> 
> The few people who understand the business and the technology are hopefully
> running the business. The auditors are just an additional check and has been
> shown in the financial sector - where one would guess the uncertainty and risks
> are easier to quantify have ultimately been of limited real value. Despite the
> level of scrutiny SOX supposedly introduced in the US, we still had the GFC!
 
There are other factors such as the PCI DSS requirements for those accepting
credit cards online. 

It's internal relevance is quite good, allowing those doing the right thing
to give their systems and processes a health check.

It's external relevance is limited as it's only done every 12 months and
it's quite easy to treat it as "security theatre" and just ensure you tick
all the boxes on the day.

cheers
Marty