Phishing tests constitute a failure of governance.
Fi 🏳️⚧️ (munin@infosec.exchange)'s status on Wednesday, 29-Jan-2025 03:40:14 JST Fi 🏳️⚧️
silverwizard (silverwizard@convenient.email)'s status on Wednesday, 29-Jan-2025 03:40:13 JST silverwizard
@munin Our Cyberinsurance requires it and I hate it so much. It basically means I'm forced to send them out without any reason or value. When I pushed back they sent me a document KnowBe4 sent them.
silverwizard (silverwizard@convenient.email)'s status on Wednesday, 29-Jan-2025 03:50:11 JST silverwizard
@munin That's valid I guess. I just have a feeling the failure starts at the insurance side.
Fi 🏳️⚧️ (munin@infosec.exchange)'s status on Wednesday, 29-Jan-2025 03:50:12 JST Fi 🏳️⚧️
If your management has failed to negotiate the terms of your insurance to adequately represent the realities of your organization,
that constitutes a failure on their part,
which is a failure of governance.
Fi 🏳️⚧️ (munin@infosec.exchange)'s status on Wednesday, 29-Jan-2025 03:54:50 JST Fi 🏳️⚧️
Yes, but that's not within the scope of your organization and is not your problem.
Treating it as a failure by management to manage their requirements appropriately puts the agency and responsibility on management for fixing the situation.
silverwizard likes this.