My new company's InfoSec staff has security concerns about Cortana and has it disabled. Can anyone provide me some second opinions about the basis and validity of these concerns?
Disabling Cortana (on the lock screen only) was only recommended as a workaround for people who couldn't or hadn't yet applied the patch. Applying the patch resolves the issue:
The original McAfee article, by the researchers who discovered the vulnerability, also recommends the patch and only suggests disabling on the lock screen in the absence of the patch:
I hope that helps.