Polymorphic Security

According to the University of Sheffield, University Wire magazine, "Often in an organization, the weakest link is not the software on the systems or the hardware that makes it up; the weakest link is the individual." This thought seems to be the trend proliferating throughout modern organizations. Security awareness is measured as the degree at which the employee understands and acknowledges the necessity and importance of information security according to (Kruger & Kearney, 2006).   The purpose of security awareness is to ensure that an organizations information security policy is adhered to. It enables employees to appreciate and consciously follow outlined adopted best practices and procedures of the organization. Security awareness should stem from C-level decision makers who should know how important and vital security awareness is for return on investment and longevity of an organization. This thinking should trickle down to entry level of the organization and in ...

Businesses function to provide a service, product or even experience to their customers. The services and production of these products are supported by the implementation of information management systems. This relationship can be seemingly simple and straightforward. However, in a world where there is increasing competitiveness and criminal elements working to endanger an organizations reputation (espionage) and business viability companies need to embed controls, practices, procedures policies to protect the core functions. Security of information systems needs to be embedded as part of the policies, procedures and practices of an organization so that it is seamless and integrated. Organizations today would attribute to the effects of implementing a control in terms of numbers (financial cost). (Wilson, 2008) For example, the cost of not implementing encrypting a database in an organization that stores personally identifiable information should outweigh the encryption costs...