… Like, not very much.
An architect does not give a hoot about how the foundation of a new office block looks — have a look at any underground office parking garage and see how much effort the starchitect put into that [exceptions noted]. Yes, functionality-wise it’s all good, mostly, but the architect that wants to design a Statement building, hardly will use all his (?) pastel sketch skills on the form of the piles driven into the ground, eh? As long as it’s functional bedrock to build Beauty on, in the eyes of the beholder [i.e., infatuated critic(s) not so much the general public sometimes] and of the architect’s bill, not much thought is given to foundations.
The same [we’re coming to the pointe of this post yes finally] goes for information security.
From a strategic perspective, operational risks are mundane things to be managed i.e., controlled, subdued, not sexy or attention-worthy (!); don’t bother me with the details. Get it fixed period
From an ORM perspective, the same goes down (sic) towards IRM/infosec: Don’t bother me with the details: Get it fixed semicolon cheaply. I don’t want to hear complaints how difficult it all is and how much budget you are short. You don’t need to do anything beautiful or clever, just pour concrete. I want to do whatever business frivolity I get into my head [rather: some ‘boardroom consultants’ hah the oxymoron even without the oxy, often, mess with / push into my head]. Why should I care for the foundation?
You get it now, I guess.
[One lives on the inside but still, wants to have a nice look onto it from the outside, too, sometimes, no? A what about water-proofing your … floating in sometimes troubled waters? Amsterdam Omval area]