We want to give some “security recommendations” to our operation in 1st line. We will come up with the security recommendations, after the result of audit testing, policy exceptions or risk findings etc.
What function do you recommend for that? Issues og Project management.
It could be nice to have and “end date” for implementation our recommendations, and to see some relation between controls, exceptions and risk to those recommendations.
Issues or projects?
Thanks