Security teams want to avoid being dubbed the “business prevention department.” Tom Scholtz of Gartner says one of his European customers ruefully revealed two years ago that his team was slapped with that label. Instead, the security department should focus on creating a “defensible” cybersecurity program that demonstrates it has made appropriate risk-based decisions and investments while keeping business objectives in mind. Such a program should start with a cybersecurity charter: a brief document with no technology references that’s written in plain language.
Source: https://www.govinfosecurity.com/blogs/creating-defensible-cybersecurity-program-p-2784