Management myopia adds to the risk. Most CIOs are well aware that careless, risky behavior is a major security problem; many also worry about lack of employee awareness, and resistance to security problems. Still, many companies are dropping the ball by letting security policies lapse.
CIOs seem to be putting their faith in technology, and forgetting that poor security is primarily a behavioral problem. Companies that put an enterprisewide IT security strategy in place will do better at raising employee awareness about security policies and procedures.
This article was originally published on 12-15-2005