Thanks for this terrific tool! As a virtual CISO, I’ve also pressed the case that policy and practice should be measured separately. In less mature companies, I’m inclined to press practice first (documented with standards) to protect IP and employee (or personal) data, and to learn what’s both practical and effective before formalizing into policy. This tool should help help build maturity without the false sense offered by policies.
by Stephen Lipka •