When I look at security policies of any organizations I am confounded by their complexity and the level of details it specifies. Security is more about Common Sense and Discipline then about laying down intricate and elaborate policies and fruitlessly trying to implement them. A lot off security lapses could be resolved if organizations figured out a way of making the right people responsible for security. Just think of it in most organizations the ISO group is responsible for information security but they do not own or control any information they are supposed to protect. Wouldn’t it make more sense to have each group handle the security for the resources they control?
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment