incomplete: a better representation of risk and compliance

I really don’t know where the fuck this post came from or where I was going with it. It offers nothing, but the picture links are fun! Took me a bit on the wildebeest one to realize I was trying to say “just another beest in the herd” with the “middle” pic. To my sensitive readers (really, there are sensitive security geeks?), skip the seal pic.

1. Too many words in PowerPoint presentations are bad. More creativity, more pictures, more visualization. Less words, less boring.

2. We also have this need to give quick representations of our risk or compliancy to management, often in the form of scores or grades.

I think these ideas should be combined, “mashed up.” Screw the grading scale of A, B, C, and the levels like high, medium, low.

Imagine: You walk into the board room with several managers and execs. They get around to asking you how the company looks as far as compliance with PCI and/or your desired security level. You stand, flip open your notebook, and pull out a card that displays this picture:

seal clubbing

I don’t have to give details, I think it speaks for itself: STATUS BAD!

Here are some more examples of compliance status levels.

Bad
Medium
Good
Good