Things that are true are often heard too much and we become “immune” to them.  Other things are true but not heard often enough.  This is especially true at Info Security conferences.  My list (add yours, please): Heard too often Not heard often enough You need to have an information security policy Control testing should … Continue reading →