ABSTRACT

Over the years, information security managers have faced a multitude of security threats and risks, some of which have been minor, but many of which have been major in terms of the magnitude of potential impacts to the organizations that we have served. In many ways, we have been lucky, however. With the exception of viruses and worms, the threats against the computing systems and information that we have tried to protect have been transitory. If, in the past, someone tried to attack one or more of these assets, they either succeeded or failed, and if they failed, they generally moved on to their next target. A widely accepted axiom among information security professionals was to ensure that the assets of one’s organization were just a little more secure than the other organizations’ assets so the “bad guys” would find the path of least resistance.