Needed yesterday
'"The reality," he told us, "is that cyber is not purely technical and topics like governance, risk, compliance and law will become more important in the future."'
And the nature of governance, risk management and compliance need to be radically overhauled, because, as currently practiced, they are commonly little more than process driven rituals.
It's largely been forgotten (even by standards setting bodies) that there's one fundamental attribute of any successful management process - it has to actually deliver a functional result.