I work for company about 160 users. we have a nice security framwork and a manual full of polcies, but when security incidents are found the people I report to kinda back off and tell me we have to pick and choose the political battles to fight. Its like they want security but its all for show. Im currently the security analyst and I report to the security officer. Im not sure how to handle this situation.
