I’m compelled to write once more about the biggest information security, privacy and compliance vulnerability businesses face, the human factor, after reading in SearchCIO, "Insider Security Threats: Watch Out for the Quiet Ones."
This story, however, pointed out that not only do businesses face significant risks of personnel purposefully deciding to do bad things, but that more often than not it is lack of policies, enforcement and training that lead to security incidents.
Yes, you definitely need technology, as the report indicates, but you also need strong policies, executive support, enforced sanctions, and ongoing awareness and training.
Yes, and this is also worth a deja vu…
Technology alone will not protect your business data; you also need strong policies, executive support, enforced sanctions, and ongoing awareness and training.
Technorati Tags
information security
IT compliance
policies and procedures
data leakage
encryption
awareness and training
privacy