When considering the alarming number of mega-data breaches and other such security incidents as they occur almost daily, and then compare the announced "root causes" and "used attack paths" of the incidents with the current state-of-the-art strategies to defend against attacks, I have come to conclusion that, unfortunately, security (risk, audit, and compliance, and any other assurance functions) is more often than not only "cementing" the status quo, that is the currently used processes or ways of doing business in a somewhat "secure" fashion.

Click here to view the article.