When I teach classes on governance, I ask the class if you were just made manager of something; security, change, problem or any of the COBIT processes, and you had a “greenfield,” what would you do first in the planning[i] phase? I get wide-ranging answers but they usually start with fix ...
more