Wannacry incident provides opportunity for information security managers to demonstrate what they did right and how management decisions (and investments) directly impacted how the organization was But that will require self-discipline. Independent validation of skills and the promulgation of strong and enforceable codes of professional practice. Make sure that the vendor is fulfilling their signed negotiated commitment to their signed signed contracts. It’s time for information security practitioners to be recognized as professionals. But that’s not enough, they need to be self-confessed.”]
Source: https://www.csoonline.com/blog/behind-the-audit-curtain/