Compliance is based on the idea that if you are in compliance with a particular control (per NIST 800-53, say), then you have reduced the risk the control is meant to protect against by default. Compliance doesn't reduce all of the risk, but yes, it will reduce the risk profile to a degree depending on the control.
Multifactor, non-phishable credentials do reduce risk of unauthorized login, absolutely. It reduces the risk of having a username and password that anyone can use if they know it. Give someone the PIN to your PIV or CAC card, and it's useless without the card. The risk then is that someone grabs your card and then beats you for the PIN, but that's a much less likely scenario. Sure you can mitigate brute force attempts at guessing passwords, and you can check things like source IP of the client and make decisions whether to allow the login or not.
The problem with compliance in my experience is that while it does reduce risk, when your mission must use or configure equipment that doesn't or can't use that control for some reason, the IT powers that be (esp. in government) demand you comply anyway, or else, even if you have mitigated that particular risk with compensating controls. That's when 'checkbox compliance' becomes a real threat to mission success.
You can do anything you want business-wise under a single LLC. Though the IRS wants you to identify the primary business category you're in, they really just want statistical info; it does not prevent you from doing other types of work under it. The point of separating into multiple LLCs (or S or C corps) is entirely to isolate the risk of financial ruin including bankruptcy. If a separate LLC fails, goes bankrupt, gets sued, it won't impact any of your other LLCs unless you've intermingled accounts and pierced the corporate veil, so to speak. If you're doing anything that requires a professional license such as health care, engineering (building bridges), and so on, you'll want to get advice from the experts, but NOLO guides would be a good start.
Certainly. I felt the way you describe my whole life until 2016. In 2013 I had a sleep study done. I had what's called central sleep apnea, an issue where the carbon dioxide 'sensor' in my brain stem wasn't functioning properly, so it didn't detect when I needed to breathe in again. Not as easy to replace as my car's oxygen sensor unfortunately. I needed a BiPAP, which pushed air in and pulled air out -- first doc put me on a CPAP and it was much worse. BiPAP was not fun but it helped.
I would take the machine to the neurologist monthly or so, he'd read the SD card and show me the results: stopped breathing at least 40-100 times a night.
Fast forward about 3 years, I entered into ketosis -- that's another story, but for now it just means that I stopped eating all carbs, my liver started pulling fat from my diet and fat stores and forming ketones. Muscle would burn the fat, the brain would use the ketones exclusively.
I felt amazing, slept incredibly well, did not nap during the day, and just all manner of incredible things happened from that. Went from 202 to 187 in about 55 days (I wasn't monitoring it, just knew what I'd weighed, and went for a weigh-in to get clearance for a gym at work one day and there it was. I was shocked.)
Took the BiPAP machine in about 3 months after going into ketosis: Zero events. I had zero times I stopped breathing at night.
Maybe my cause was different, but I'd bet anyone going into ketosis for a period of months would see healing in the brain that may help this and other issues. I think this because back in the day, epilepsy was treated with a diet that kept patients in ketosis, and after about 6 months, they no longer had epilepsy. Sounds to me like the brain did some repairs it couldn't do when on carbs.
I now think ketosis used to be our natural state before agriculture. Not like there were vending machines with Snickers bars on the savannas we evolved on - high carb diets I don't think existed. Wish I could find the reference, but some research showed that someone on the typical modern diet (high levels of blood glucose) would, when given ketones exogenously (they ate or drank them), have them taken up by the brain immediately -- the brain prefers ketones, even over glucose, the opposite of what we keep being told. Hardly anyone today ever enters ketosis with our diets.
Before doing any further drastic and potentially irreversible things like surgery or drugs, I'd seriously consider trying to get and stay in ketosis for at least 3 months and see how that affects your apnea. It can be a challenge, but not insurmountable. First couple of weeks may be hard, read up on what to do to get through that time, then stick with it for a while.
(EDIT: Forgot to mention, I had GERD too, that's gone. No more acid reflux, even when I eat foods that used to trigger it.)