We have all heard the classic line “Security is everyone’s responsibility”… yawn… thanks “Security Team”, but what does that mean and more importantly what do you want me to do with this precious gem of wisdom?
Firstly, what this means is that it is impossible (yes, impossible) for a Security Team to “Secure” a business by themselves. Never forget, every security incident that has ever happened is because of something, someone did at some point e.g. bad decision, poor practice, silly mistake, uneducated, ill-informed, mis-informed, unskilled, malicious, unable to influence decision makers, <the list is long, insert more reasons here… all of the incidents, all of them, all the bad stuff that has ever happened in security can be linked to a human… agreed?! cool, let’s move on.