ABSTRACT
In many companies, information security has traditionally been part of the information technology (IT) function. In the days of the mainframe, system administrators were responsible for ensuring that it was secure. Security was centrally controlled and typically, only a few people did anything related to security. This worked because of the tight control on security.
