In the following diagram, we see that the information security teams are providing multiple reports to the customer. The customer is responsible for mitigating the risk through their own processes:
These are the main highlights from this phase:
- This would be what I consider data overload, where the customer has so many things on their plate that they simply give up
- This is a one-way street or a radio that broadcasts to anyone who is listening
- There is a lack of interaction between information security teams
- There is no accountability for fixes