Spoiledlunch

Why AI Governance Frameworks Are Security Theater

@spoiledlunch — Mon, 20 Apr 2026 09:00:00 -0700

Article • April 20, 2026 • 4 min read

Topics: AI, GRC

Why AI Governance Frameworks Are Security Theater Most enterprise AI governance frameworks are elaborate exercises in checkbox compliance that miss the actual risks. They’re designed to satisfy …

Read full analysis →

]]>

The SOC 2 Compliance Cargo Cult

@spoiledlunch — Sat, 18 Apr 2026 14:30:00 -0700

Article • April 18, 2026 • 6 min read

Topics: GRC, Security

The SOC 2 Compliance Cargo Cult SOC 2 compliance has become a cargo cult ritual in enterprise security. Organizations implement the ceremonial controls, follow the prescribed procedures, and wait for …

Read full analysis →

]]>

NIST Releases CSF 2.0 Quick-Start Guides for ERM and Informative References

@spoiledlunch — Mon, 23 Mar 2026 09:00:00 -0400

News Brief • March 23, 2026

Topics: GRC

Summary: NIST announced two Cybersecurity Framework 2.0 quick-start guide updates on March 23, 2026. The agency released the final SP 1308 guide on …

Read brief →

]]>

EDPB Sets a 2026-2027 Programme Focused on Compliance and Regulatory Coordination

@spoiledlunch — Thu, 12 Feb 2026 09:00:00 +0100

News Brief • February 12, 2026

Topics: GRC

Summary: The European Data Protection Board adopted its 2026-2027 work programme on February 12, 2026. The programme emphasizes making GDPR compliance …

Read brief →

]]>