Myth 8: Security is the responsibility of a specialist department

Posted: December 20, 2011 in SSL
Tags: , , ,

For the final myth in our series isn’t just about SSL – it’s about security. The prevailing attitude at organizations – no matter the size – is that the responsibility for security falls in the court of someone with a job title related to security, like application security specialist, cyber security guru or chief security officer, and so forth.  As a result, the well-known SSL vulnerability announcements (and any security alert for that matter) are often overlooked and ignored by the development staff.

But in reality, when employees use SSL technology, as provided by their company’s VPN client vendor to remotely log in to use sensitive company resources, they should bear some responsibility for ensuring security. Yet, few of these employees ever realize that effective security should be everyone’s concern.

Of course, this mentality is not entirely the fault of employees. The companies themselves and their executive leadership are ultimately responsible for ensuring all personnel have adequate security training. Legal statutes and regulatory regimes in every industry require companies to create a culture of awareness and security knowledge through effective training programs. When organizations lack definitive security policies, this type of thinking is more pervasive.

But in today’s world, the stakes are far too high for a single department to shoulder the full responsibility for securing an organization. All employees, no matter where they sit in the organization, should have some degree of security training.


Copyright (c)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s