In most organizations you are constantly upgrading your security controls. This is for many reasons, including: • New threats induce higher risk exposure and require new forms of mitigation • New assets or business processes change the risk profile requiring better controls • Old controls, or wider mitigation frameworks, may have newly discovered flaws • Current controls might be harming organization agility or efficiency in the context of business goals • New legal, regulatory or c...
