Quite an attention-seeking title, I would think. Apart from the obvious "read further" carrot, I think there is a place for commentary on this subject. I am sure many of my industry colleagues will disagree, but have we been lured into a false sense of security by relying on policies and accreditation certificates? Now let me say upfront: only a fool would suggest that regulatory standards and accreditation are pointless and without purpose. The question here is, have we relied on them to solve all our problems? Have organisations moved away from security tools, intelligence gathering and actionable evidence in preference for documentation controls?

I guess we need to go back to when it all started. For those who remember, there was a time when the security administrator was also the security manager, security architect and risk manager. Business and technology had not yet collided, leaving an amalgam of confusion and....