Security is Personal

Mark McDonald wrote a great post on his GartnerGroup blog about security that you must read: “Security is personal and professional more than technical.” The money quote for me is:

Security is an asymmetric game from a technical perspective where the attackers will always have the advantage.  They have the advantage because there are always more attackers who collectively have more resources than the single company seeking to thwart their attempts.  Yes each attacker may be small, but that is not always the case given recent stories regarding attacks on email systems.

The only way a company can start to address the imbalance is to change the game from many attackers against a single company, to many attackers against every person in the company.  Mobilizing and reminding your people about their role in security is not a technical issue.  It is a personal and professional issue.

IT definitely has the responsibility to do all it can to address security vulnerabilities, but all members of an organization must be responsible for the decisions they make daily. Behavior is just as important as technology.

Follow Mark’s work.
