security is incomplete without you because..?
Answers
Perimeter security, network security, endpoint security, data loss prevention etc almost covers every aspect of security with respect to infrastructure. Application security, web server security, web services security, DB security etc covers almost all application level security.
But, the most important aspect of security is 'YOU'. Yes, we, ourselves are the most important aspect of security. Let's check on the following behavior:
-- Sharing your PC password with your boss, other colleagues
-- Leaving your PC un-attended, when you go for tea/coffee
-- Talking about your company data in public places/coffee bar etc
-- Setting weak password, setting same password for all applications, OS etc, other behavior with respect to password.
etc, etc.
All this involves YOU (rather us). Even if your company's security policy is very strong, Your company uses all new and latest technology security application. But, if we continue with our negligent behavior and don't take the security aspect in our job seriously, then no security application can work.
Even, hackers today started to do social engineering to leverage this kind of behavior of us. Many information of ours (including our job structure and hierarchy in our organization) are useful for hackers.
Therefore, it's extremely important for an organization to imbibe the security best practice in its employees. Make its employee aware of their responsibility towards securing organization's sensitive data. This aspect is rather more important than anything else in security.
This could be achieved through security awareness program followed by test and so on. Organization should be serious in communicating its security objective to its employees firmly.
Security is incomplete without us, and we should not be the weak link in the chain.
perimeter security,network security, endpoint security,data loss prevention etc almost covers a very aspect of security with respect to infrastructure.appilcation security,web server security,web services security,DB security etc covers all most all application level security.