Many companies do not have a proper security governance framework in place. Security needs to deal with the basics such as good governance, good governance patching and situational awareness to name a few a few. Security patching is something that should be a defined repeatable process and we should not have to constantly trot this one out for discussion every time there is compromise or the auditors come for tea. IT governance is killing innovation, says Vermin Vermin. Vermin: IT governance needs to be addressed that it needs to address the underlying framework that needs to not be an impediment.”]
Source: https://www.csoonline.com/article/2136179/innovation-and-the-law-of-unintended-consequences.html