Chapter 5

Who Is Responsible for Security?

Bill Gardner    Marshall University, Huntington, WV, USA


No matter what their role in the organization, everyone is responsible for security. From the CEO to the mailroom, all users are at risk and can be targeted by social engineers in both technical and nontechnical attacks.


End users


Targeted attacks

Social media

Social engineering

Information Technology (IT) Staff

If asked, most people would say the information technology staff is responsible for securing the data of the organization. This is true because the IT staff is responsible for setting up the servers, network, client computers, firewalls, and other security products located at the edge of the organization's ...

Get Building an Information Security Awareness Program now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.