There are two primary choices in life: to accept conditions as they exist, or accept the responsibility for changing them.
Given that security breaches and intrusions continue to be reported daily across organizations of every size, is information security really effective? Given the rapid evolution of new technologies and uses, does the information security group even need to exist?
Obviously, this is a somewhat rhetorical question. I cannot imagine that any sizeable organization would operate well without an information security function. The real issue is whether the information security group should ...