ABSTRACT
News items come out on a regular basis related to information security. For instance, how hackers get the
better of it as well as the never ending security bulletins and patches to the information security products
are examples. A large number of security experts are engaged and working for security companies as well
as the companies that use these information security products to attend to this situation. These experts
are facing an evolving struggle in their attempts to find the hacker. One of the largest obstacles in front of
information security experts is in determining if the weakness is in the system or if it is the people or the
process that are to blame.