The Great Security Race
When it comes time to present assessment results, I’m often asked to benchmark the company being assessed against similar organizations. As someone who has built a career around assessing information security programs, I always find myself asking the same question: what’s the purpose of such a request?