What prevents breaches: process, technology or people? One answer is PC, and one is right.

When I served on a panel about data breaches at the ISACA Silicon Valley chapter conference recently, the moderator asked, “To prevent data breaches, which is more important: process, technology or people?”

My fellow panelists (three CISOs and two highly experienced consultants) all answered ahead of me: “People.” I was surprised. Here I was the only awareness specialist on the panel, yet my answer was process.

Without process, I explained, the people don’t know what to do. Without process, there is no right way to implement technology. Process is implemented through governance. As I discuss in Advanced Persistent Security, without governance your security program is an accident.

To read this article in full or to leave a comment, please click here

Source: http://www.cio.com

Leave a Reply