Quelle: CSO USA

A COMPUTER PASSWORD is tacked up casually on the cubicle wall. A doorout back is wedged open during a quick cigarette break. A laptop isleft carelessly behind in a taxi ride to the airport. And suddenly itdoesn't matter how good your company's security system is. It has justsuccumbed to human failure.

"I can have all the gadgets in the world," says Chris Apgar, datasecurity and HIPAA compliance officer for Providence Health Plans,"but if people don't understand the basics--like don't send thingsover the Internet, and make sure your files are put away--well, I canspend millions on security, and it won't do any good."

And so it goes with corporate security. People get busy. Ordistracted. Or careless. Or downright malicious. In fact, if there'sone thing about which people in the security field readily agree, it'sthat weaknesses in user practices pose a bigger threat to anorganization's security than any vulnerabilities in technology do.

"The best technology can always be circumvented by an employee," saysGary Morse, president of security consultancy Razorpoint SecuritySecurityTechnologies. "You can have the best security policy in the universe,but people just get busy." Alles zu Security auf CIO.de