Why Excel is a bad choice for a security audit

Excel is easy to use, but you can lose or destroy your data pretty easily. Although risk assessment standards such as ISO 27001 or PCI DSS 1.1 have a one dimensional hierarchical structure of controls - you can get into big trouble once you try and link controls to vulnerabilities, assets and threats. The model starts getting multi-dimensional and that’s where Excel breaks down quickly and you lose data integrity.