One of the things on my mind lately is a deceptively simple idea/question: How replaceable is an asset type? And a nagging question/observation: Why do we spend the majority of our time in IT security on the most replaceable assets like regulated credit card data – at the opportunity cost and neglect of less-and-irreplaceable assets [...]
