Ultimately, information security is not information technology's responsibility but the manager's responsibility...generally the C-levels. There is a distinction here between information security and information technology security. Technical controls to control information security stored in and/or transmitted over IT resources would certainly be an example of technical controls but there are other control groups...managerial and operational.

But getting back to the article, while management is responsible for information security, every single employee has information security responsibilities. There is no excuse for putting a password on a yellow sticky note on a monitor. Sure, maybe if IT relaxed a draconian password policy that would be less likely to happen but on the other hand whatever the password policy is...if it follows the businesses' security policy...must be followed, no excuses.

Good write up, enjoyed the read.

Greg Schaffer, CISSP
newtnoise@comcast.net
