Compliance (DFARS, RMF, SOX, GDPR, PII, PCI...) starts with the basics

It is impossible to declare success without first defining what success is. There is no lack of passion among cybersecurity professionals, whether they are interested in cyber policies and controls or engaged in cyber operations. Each of these groups focuses on achieving cyber strength for its environment. Those dealing with regulated environments can benefit from the following:

The challenge in the industry: Do our efforts result in a compliant data center and services? Are we making it more difficult for cyber criminals?

For some environments, a defined set of cyber controls and cyber policy can be daunting. There are thousands of controls. In fact, within the US Department of Defense there are lingering controls from DoD 8500, agency-specific controls and policies, and other controls and policies, all attempting to align with NIST 800-53 and other NIST standards.