Security's shortcoming: Too many machines, not enough training
Source: SearchSecurity - Posted by Pax Dickinson   
Security Companies can spend all they want on antivirus, intrusion prevention systems and all-in-one appliances. These tools will do nothing for enterprises that ignore the human side of security, said Tara Manzow, product manager for the workforce development group at the Computing Technology Industry Association [CompTIA].

"Security has to be everyone's concern, right down to the person who fills the mailboxes," Manzow said. "You have to educate anyone in the enterprise that touches a PC."

Unfortunately, too many companies are missing the point, according to the 489 IT professionals the Chicago-based association surveyed in December and January. CompTIA, which provides IT certification, among other things, found that 40% of organizations surveyed have suffered a major IT security breach. Human error was to blame 79.3% of the time, the study found.

"First and foremost, the findings show that due to human error, it's imperative that your IT staff be trained and certified in security," Manzow said. "It's also crucial to have a security policy in place and ensure that everyone is abiding by it."

Those findings are backed up by the rash of recent disclosures of data theft, particularly powerhouses ChoicePoint and Lexis Nexis, which both were emphatic that their breaches came not from technology but the flawed processes and policies within their organizations.

Read this full article at SearchSecurity

Only registered users can write comments.
Please login or register.

Powered by AkoComment!