Security is a complex matter for many companies. Management usually feels the IT department is responsible for choosing the correct technologies, installing and maintaining them, and keeping the environment secure. In general, management has never really been pulled inside the realm of computers and the issues that surround them. This distance and mentality hurts many companies when it comes to dealing with security effectively.

Historically, management has been responsible only for hitting its numbers—whether it be profit margins, sales goals, or productivity marks—and for managing people and projects. It has not had to think much about firewalls, hackers, and security breaches. However, this mindset is fading, and the new trend demands ...

Get CISSP Certification All-in-One Exam Guide, Fourth Edition, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.