We should mean almost, digitally. With serious considerations to best practices, widely acceptable principles including that of, directly and indirectly related, applicable laws and, if any, for the sake of thoughtful and sensible transparency. Almost everything, in this case is about, as nations and industries are already taking it as an initiative to protect entities such as people, enterprises, assets, properties including but not limited to information, which is the sole subject of information security specialists but it's reality is more complicated than arguing on which security can cover which area. Technology practitioners should appreciate it. Those who goes beyond a few specializations could realized it and make an effective position paramount to a cybersecurity responsibility. And the size of that responsibility may mean breaking and delegating it with various roles, with those who are effective and prudent in their jobs.
IT organization must be able to demonstrate that even Windows administrator and Unix root and related super privilege accounts can be controlled. It must be emphasized very strongly that it is inviolable to business to make mistake induced by IT in a surprising manner. Inadvertent use and access to these accounts can be devastating to business and its reputation to stakeholders. Meaning all systems are being used by everyone, authorized, without the IT people having to look, tinker and update configuration from time to time. Everything is final in the production systems except for regular software including firmware updates that must be applied, still they must be approved first. Though there are chokepoints (software are released but will require regular update, and stability, if any, is achieved that way only) where a system malfunctions, they are only temporary and can be fixed easily by focusing on an affected account or process. They don’t impact business system or whole IT operat...