Relevant to Equifax.. the article should have -<p>6) Do you have a up to date list of all assets in your network/platform with assigned owners? Have the components of the assets been registered for vulnerability notifications?<p>You are running blind if you don't know what's in your platform. How can you secure something if you don't know it "exists" ?
I've come to a point where I really think no company will ever have even competent InfoSec practices. I've worked at a fortune-100 (terrible due to scale probably), a small InfoSec consulting firm (terrible due to lack of scale and non-caring leadership as ironic as it is) and now a global firm (terrible due to scale and poor training).<p>I have no idea how to solve this problem, it seems impossible.