@cdc wrote:When was the last ISC2 security risk assessment performed and what were the results?
When was the last ISC2 security risk assessment performed and what were the results?
I have a feeling they concluded that performing a risk assessment was too much of a risk...
Would you share a list of what you consider "academic" and therefore not worth time to implement?
@AppDefects, great catch! The lack of content security policy is the main reason for the C grade. Troy Hunt, Microsoft Regional Director and MVP, has several articles on his website about its purpose and how to configure.