Yesterday, while I was talking to a security expert, he asked me the question:
“If you only had one piece of advice to give to a brand new security manager who knew nothing, what would it be?”
Other than questioning why the security manager got the job in the first place, I briefly thought about this and responded with:
“Educate your users!”
My rationale for this response is the well-known fact that users are the weakest link in the security chain. This has been widely accepted for a long time now. Anyone who has read Kevin Mitnick’s two books The Art of Deception and The Art of Intrusion (I have read both) will certainly agree with this comment.
At the end of the day, it doesn’t matter how much technology you throw at a problem; if you don’t have educated people both administering it and using it, you have got very shaky foundations.