ABSTRACT

Security should be driven by business need. Controls should be designed to make best use of the facilities provided by technology, but must also cover the people and the processes that make the technology work.