Comment by kevincox

Comment by kevincox 5 days ago

Hardly anyone can tell, until everyone can tell, because you have a breach.

It's similar to the idea that if you aren't doing restore drills you aren't really taking backups. But people rarely test their auth rules.

jeremyjh 5 days ago

You could do everything correctly and still have a breach, so practitioners are quite fatalistic about it. The key is to diffuse decision-making responsibility so that it's not clear who can be fired.