"K. K. Mookhey" wrote: > > Youre absolutely right. Educations is always the key. > > In my opinion, we need to target three segments of people for increasing the security of any organization in general. > <snip> I agree 100% with kkm's list and everything he said. However, I'd like to add a segment to his list: Boards of Directors, C-level corporate officers and corporate risk managers. It's been my experience that in organizations in which this segment knows and cares about security, the other segments are much farther along and it's much easier for them to get the training and support they need to fill in the gaps. In organizations in which this segment does not know or care about security, this is reflected in the other segments. Even if all of the others were well-intentioned and self-educated, it is very hard for them to function in a secure manner. If information security is not part of a corporation's IT governance process, support for the other three segments will be spotty and limited at best; nonexistent or resisted at worst. My $0.02. -- George W. Capehart Capehart Associates LLC Phone: +1 704.678.1660 1604 Nottingham Drive Fax: +1 704.853.2624 Gastonia, NC 28054 "We did a risk management review. We concluded that there was no risk of any management." -- Dilbert
This archive was generated by hypermail 2b30 : Sun Dec 01 2002 - 21:45:40 PST